
Security: Multiple issues in Wireshark
Name: Multiple issues in Wireshark
ID: FEDORA-2012-12091
Distribution: Fedora
Platforms: Fedora 17
Date: Tue, 28 August 2012, 08:38
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4297
Applications: Wireshark

Original message

Name : wireshark
Product : Fedora 17
Version : 1.6.10
Release : 1.fc17
URL : http://www.wireshark.org/
Summary : Network traffic analyzer
Description :
Wireshark is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for wireshark. A graphical user interface is packaged
separately to GTK+ package.

--------------------------------------------------------------------------------
Update Information:

Upgrade to wireshark 1.6.10
The following vulnerabilities have been fixed.

wnpa-sec-2012-13: The DCP ETSI dissector could trigger a zero division.
wnpa-sec-2012-15: The XTP dissector could go into an infinite loop.
wnpa-sec-2012-17: The AFP dissector could go into a large loop.
wnpa-sec-2012-18: The RTPS2 dissector could overflow a buffer.
wnpa-sec-2012-20: The CIP dissector could exhaust system memory.
wnpa-sec-2012-21: The STUN dissector could crash.
wnpa-sec-2012-22: The EtherCAT Mailbox dissector could abort.
wnpa-sec-2012-23: The CTDB dissector could go into a large loop.

See http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html for details.
The following vulnerabilities have been fixed.
wnpa-sec-2012-11: The PPP dissector could crash.
wnpa-sec-2012-12: The NFS dissector could use excessive amounts of CPU.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Jan Safranek <jsafrane@redhat.com> - 1.6.10-1
- upgrade to 1.6.10
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html
* Tue Jul 24 2012 Jan Safranek <jsafrane@redhat.com> - 1.6.9-1
- upgrade to 1.6.9
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.9.html
* Wed May 23 2012 Jan Safranek <jsafrane@redhat.com> - 1.6.8-1
- upgrade to 1.6.8
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.8.html
* Mon May 21 2012 Jan Safranek <jsafrane@redhat.com> - 1.6.7-2
- Removed dependency on GeoIP on RHEL.
* Tue Apr 10 2012 Jan Safranek <jsafrane@redhat.com> - 1.6.7-1
- upgrade to 1.6.7
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.7.html
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #848541 - CVE-2012-4285 wireshark: crash due to zero division in
DCP ETSI dissector (wnpa-sec-2012-13)
https://bugzilla.redhat.com/show_bug.cgi?id=848541
[ 2 ] Bug #848548 - CVE-2012-4288 wireshark: DoS via excessive resource
consumption in XTP dissector (wnpa-sec-2012-15)
https://bugzilla.redhat.com/show_bug.cgi?id=848548
[ 3 ] Bug #848561 - CVE-2012-4289 wireshark: DoS via excessive CPU
consumption in AFP dissector (wnpa-sec-2012-17)
https://bugzilla.redhat.com/show_bug.cgi?id=848561
[ 4 ] Bug #848565 - CVE-2012-4296 wireshark: DoS via excessive CPU
consumption in RTPS2 dissector (wnpa-sec-2012-18)
https://bugzilla.redhat.com/show_bug.cgi?id=848565
[ 5 ] Bug #848568 - CVE-2012-4297 wireshark: buffer overflow in GSM RLC MAC
dissector (wnpa-sec-2012-19)
https://bugzilla.redhat.com/show_bug.cgi?id=848568
[ 6 ] Bug #848572 - CVE-2012-4291 wireshark: DoS via excessive system
resource consumption in CIP dissector (wnpa-sec-2012-20)
https://bugzilla.redhat.com/show_bug.cgi?id=848572
[ 7 ] Bug #848575 - CVE-2012-4292 wireshark: crash in STUN dissector
(wnpa-sec-2012-21)
https://bugzilla.redhat.com/show_bug.cgi?id=848575
[ 8 ] Bug #848577 - CVE-2012-4293 wireshark: premature exit in EtherCAT
Mailbox dissector (wnpa-sec-2012-22)
https://bugzilla.redhat.com/show_bug.cgi?id=848577
[ 9 ] Bug #848578 - CVE-2012-4290 wireshark: DoS via excessive CPU
consumption in CTDB dissector (wnpa-sec-2012-23)
https://bugzilla.redhat.com/show_bug.cgi?id=848578
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update wireshark' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce