Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 16 Update: wireshark-1.6.10-1.fc16
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Monday 27th August 2012 22:55:57 UTC (over 4 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12085
2012-08-17 05:24:23
--------------------------------------------------------------------------------

Name        : wireshark
Product     : Fedora 16
Version     : 1.6.10
Release     : 1.fc16
URL         : http://www.wireshark.org/
Summary     : Network traffic analyzer
Description :
Wireshark is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for wireshark. A graphical user interface is packaged
separately to GTK+ package.

--------------------------------------------------------------------------------
Update Information:

Upgrade to wireshark 1.6.10
The following vulnerabilities have been fixed.

wnpa-sec-2012-13: The DCP ETSI dissector could trigger a zero division.
wnpa-sec-2012-15: The XTP dissector could go into an infinite loop.
wnpa-sec-2012-17: The AFP dissector could go into a large loop.
wnpa-sec-2012-18: The RTPS2 dissector could overflow a buffer.
wnpa-sec-2012-20: The CIP dissector could exhaust system memory.
wnpa-sec-2012-21: The STUN dissector could crash.
wnpa-sec-2012-22: The EtherCAT Mailbox dissector could abort.
wnpa-sec-2012-23: The CTDB dissector could go into a large loop.

See http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html
for details.
The following vulnerabilities have been fixed.
wnpa-sec-2012-11: The PPP dissector could crash.
wnpa-sec-2012-12: The NFS dissector could use excessive amounts of CPU.
The following vulnerabilities have been fixed.
wnpa-sec-2012-11: The PPP dissector could crash.
wnpa-sec-2012-12: The NFS dissector could use excessive amounts of CPU.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Jan Safranek <[email protected]> - 1.6.10-1
- upgrade to 1.6.10
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html
* Tue Jul 24 2012 Jan Safranek <[email protected]> - 1.6.9-1
- upgrade to 1.6.9
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.9.html
* Wed May 23 2012 Jan Safranek <[email protected]> - 1.6.8-1
- upgrade to 1.6.8
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.8.html
* Mon May 21 2012 Jan Safranek <[email protected]> - 1.6.7-2
- Removed dependency on GeoIP on RHEL.
* Tue Apr 10 2012 Jan Safranek <[email protected]> - 1.6.7-1
- upgrade to 1.6.7
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.7.html
* Wed Mar 28 2012 Jan Safranek <[email protected]> - 1.6.6-1
- upgrade to 1.6.6
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.6.html
* Fri Mar  9 2012 Jan Safranek <[email protected]> - 1.6.5-2
- fixed wireshark crashing when using combo box in import dialog (#773290)
- added AES support into netlogon dissector
* Wed Jan 11 2012 Jan Safranek <[email protected]> - 1.6.5-1
- upgrade to 1.6.5
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.5.html
* Fri Dec  2 2011 Jan Safranek <[email protected]> - 1.6.4-1
- upgrade to 1.6.4
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.4.html
- build with c-ares and libpcap (#759305)
- fixed display of error message boxes on startup in gnome3 (#752559)
* Mon Nov 14 2011 Jan Safranek <[email protected]> - 1.6.3-2
- added dependency on shadow-utils (#753293)
- removed usermode support
* Wed Nov  2 2011 Jan Safranek <[email protected]> - 1.6.3-1
- upgrade to 1.6.3
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.3.html
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #848541 - CVE-2012-4285 wireshark: crash due to zero division
in DCP ETSI dissector (wnpa-sec-2012-13)
        https://bugzilla.redhat.com/show_bug.cgi?id=848541
  [ 2 ] Bug #848548 - CVE-2012-4288 wireshark: DoS via excessive resource
consumption in XTP dissector (wnpa-sec-2012-15)
        https://bugzilla.redhat.com/show_bug.cgi?id=848548
  [ 3 ] Bug #848561 - CVE-2012-4289 wireshark: DoS via excessive CPU
consumption in AFP dissector (wnpa-sec-2012-17)
        https://bugzilla.redhat.com/show_bug.cgi?id=848561
  [ 4 ] Bug #848565 - CVE-2012-4296 wireshark: DoS via excessive CPU
consumption in RTPS2 dissector (wnpa-sec-2012-18)
        https://bugzilla.redhat.com/show_bug.cgi?id=848565
  [ 5 ] Bug #848568 - CVE-2012-4297 wireshark: buffer overflow in GSM RLC
MAC dissector (wnpa-sec-2012-19)
        https://bugzilla.redhat.com/show_bug.cgi?id=848568
  [ 6 ] Bug #848572 - CVE-2012-4291 wireshark: DoS via excessive system
resource consumption in CIP dissector (wnpa-sec-2012-20)
        https://bugzilla.redhat.com/show_bug.cgi?id=848572
  [ 7 ] Bug #848575 - CVE-2012-4292 wireshark: crash in STUN dissector
(wnpa-sec-2012-21)
        https://bugzilla.redhat.com/show_bug.cgi?id=848575
  [ 8 ] Bug #848577 - CVE-2012-4293 wireshark: premature exit in EtherCAT
Mailbox dissector (wnpa-sec-2012-22)
        https://bugzilla.redhat.com/show_bug.cgi?id=848577
  [ 9 ] Bug #848578 - CVE-2012-4290 wireshark: DoS via excessive CPU
consumption in CTDB dissector (wnpa-sec-2012-23)
        https://bugzilla.redhat.com/show_bug.cgi?id=848578
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update wireshark' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 3ms