Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon,  1 Aug 2016 12:04:08 -0400 (EDT)
From: cve-assign@...re.org
To: astieger@...e.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Wireshark 2.0.5 and 1.12.13 security releases

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Wireshark 2.0.5 and 1.12.13 were announced to contain fixes of the usual
> dissector crash / endless loop read from wire or capture file type:

We think one typo ended up in your
http://openwall.com/lists/oss-security/2016/07/28/3 post:

> MMSE infinite loop (wnpa-sec-2016-43)
> The MMSE dissector could go into an infinite loop. It may be possible to
> make Wireshark consume excessive CPU resources by injecting a malformed
> packet onto the wire or by convincing someone to read a malformed packet
> trace file. Affects 1.12.0 to 1.12.12, fixed 1.12.13
> https://www.wireshark.org/security/wnpa-sec-2016-43.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624
> 
> RLC long loop (wnpa-sec-2016-44)
> The RLC dissector could go into a long loop. It may be possible to make
> Wireshark consume excessive CPU resources by injecting a malformed
> packet onto the wire or by convincing someone to read a malformed packet
> trace file. Affects  2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5,
> 1.12.13.
> https://www.wireshark.org/security/wnpa-sec-2016-44.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624

wnpa-sec-2016-44 is Wireshark bug 12660, not 12624. Here are
the 11 CVE IDs:


CVE-2016-6503
http://www.wireshark.org/security/wnpa-sec-2016-39.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1


CVE-2016-6504
http://www.wireshark.org/security/wnpa-sec-2016-40.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12576
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9eacbb4d48df647648127b9258f9e5aeeb0c7d99


CVE-2016-6505
http://www.wireshark.org/security/wnpa-sec-2016-41.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94e97e45cf614c7bb8fe90c23df52910246b2c95


CVE-2016-6506
http://www.wireshark.org/security/wnpa-sec-2016-42.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a9d5256890c9189c7461bfce6ed6edce5d861499


CVE-2016-6507
http://www.wireshark.org/security/wnpa-sec-2016-43.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b5a10743258bd016c07ebf6479137fda3d172a0f


CVE-2016-6508
http://www.wireshark.org/security/wnpa-sec-2016-44.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb


CVE-2016-6509
http://www.wireshark.org/security/wnpa-sec-2016-45.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12662
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5a469ddc893f7c1912d0e15cc73bd3011e6cc2fb


CVE-2016-6510
http://www.wireshark.org/security/wnpa-sec-2016-46.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12664
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47a5fa850b388fcf4ea762073806f01b459820fe


CVE-2016-6511
http://www.wireshark.org/security/wnpa-sec-2016-47.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12659
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=56706427f53cc64793870bf072c2c06248ae88f3


CVE-2016-6512
http://www.wireshark.org/security/wnpa-sec-2016-48.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12661
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2193bea3212d74e2a907152055e27d409b59485e


CVE-2016-6513
http://www.wireshark.org/security/wnpa-sec-2016-49.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=347f071f1b9180563c28b0f3d0627b91eb456c72

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXn3I1AAoJEHb/MwWLVhi2UdAP/06WJAU6wBEINx2Q8T7lXtGw
PT+IooGuVUxKd16B7UH2zM1ccnjnLyne5W6rDPmLVoQ93i03pSOVsXx2INyXT1Is
v55zOj1ifYCCFRaiRueD9zFtdooa2rUKJbGqUuv3IActhX/kSTvcAFahGjbA+fyy
h8ea4aAie86710v2HsSE6g0sVj00WT9oAn7oTCdtyO2m0TyDJ0Al0s0HUeOrJjw2
CLnsnT35KtWDQ8YnAckBEMZ/LfXK2H+WQLZGrp3TE2dRVkt3bK+9lW5HVO5efD5m
c2GbP17vGZH/FukGZXbgRszXPpGpb05/4VJ9I2jZfyYN336/qALwS0b4WEwUFZIj
qXjSUiCDGLyGNaF5P2URY5jIWkLysKViZFG0xvDOECwOjUmvPgKHjjCunUQcvHns
yzyghuaJoRQiXw1k6bXaH5YsXHo6maahejTDhZolPpZdQ9VdRB2R2m7m0MR1eGay
3OuxCvZVPtwxLjgFkhSb3rgaOMGgSWkd9Djh9NLRvhrI7kCob57XXG5JbxFb2okZ
zXu2dQG/XbbX3OWydYfXrQDiqIbzNSpV2sABGqtzcl0/KiGN40JzILSzobxuA+o3
qBaslvgcTS1xzwgC1V5co1b/vIA9CCpdGDbrQVfO700/xHqjRr7D9FnICnkWaeKn
0KVjTOG4zF2op/nuy7ug
=95/1
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ