Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 9 Jun 2016 13:16:09 +0200
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE Request: wireshark releases

Hello,

On 06/08/2016 09:28 AM, Marcus Meissner wrote:
> Please assign CVEs to the current wireshark releases (if not done so).
>
> Wireshark 2.0.4
> https://www.wireshark.org/lists/wireshark-announce/201606/msg00000.html
>
> Wireshark 1.12.12
> https://www.wireshark.org/lists/wireshark-announce/201606/msg00001.html

Specifically:


https://www.wireshark.org/security/wnpa-sec-2016-29
<https://www.wireshark.org/security/wnpa-sec-2016-29.html>
SPOOLS infinite loop. Fixed in 2.0.4, 1.12.12.
https://github.com/wireshark/wireshark/commit/b4d16b4495b732888e12baf5b8a7e9bf2665e22b


https://www.wireshark.org/security/wnpa-sec-2016-30
<https://www.wireshark.org/security/wnpa-sec-2016-30.html>
IEEE 802.11 dissector crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11585
https://github.com/wireshark/wireshark/commit/9b0b20b8d5f8c9f7839d58ff6c5900f7e19283b4


https://www.wireshark.org/security/wnpa-sec-2016-31
<https://www.wireshark.org/security/wnpa-sec-2016-31.html>
IEEE 802.11 dissector crash, different from wpna-sec-2016-30. Fixed in
2.0.4.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12175
https://github.com/wireshark/wireshark/commit/b6d838eebf4456192360654092e5587c5207f185


https://www.wireshark.org/security/wnpa-sec-2016-32
<https://www.wireshark.org/security/wnpa-sec-2016-32.html>
UMTS FP crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12191
https://github.com/wireshark/wireshark/commit/7d7190695ce2ff269fdffb04e87139995cde21f4


https://www.wireshark.org/security/wnpa-sec-2016-33
<https://www.wireshark.org/security/wnpa-sec-2016-33.html>
USB dissector crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12356
https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6


https://www.wireshark.org/security/wnpa-sec-2016-34
<https://www.wireshark.org/security/wnpa-sec-2016-34.html>
Toshiba file parser crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12394
https://github.com/wireshark/wireshark/commit/3270dfac43da861c714df76513456b46765ff47f
https://github.com/wireshark/wireshark/commit/5efb45231671baa2db2011d8f67f9d6e72bc455b


https://www.wireshark.org/security/wnpa-sec-2016-35
<https://www.wireshark.org/security/wnpa-sec-2016-35.html>
CoSine file parser crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12395
https://github.com/wireshark/wireshark/commit/a66628e425db725df1ac52a3c573a03357060ddd
https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500


https://www.wireshark.org/security/wnpa-sec-2016-36
<https://www.wireshark.org/security/wnpa-sec-2016-36.html>
NetScreen file parser crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12396
https://github.com/wireshark/wireshark/commit/11edc83b98a61e890d7bb01855389d40e984ea82
https://github.com/wireshark/wireshark/commit/6a140eca7b78b230f1f90a739a32257476513c78


https://www.wireshark.org/security/wnpa-sec-2016-37
<https://www.wireshark.org/security/wnpa-sec-2016-37.html>
Ethernet dissector crash. Fixed in 2.0.4.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12440
https://github.com/wireshark/wireshark/commit/2c13e97d656c1c0ac4d76eb9d307664aae0e0cf7


https://www.wireshark.org/security/wnpa-sec-2016-38
<https://www.wireshark.org/security/wnpa-sec-2016-38.html>
WBXML infinite loop. Fixed in 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12408
https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0


Andreas

-- 
Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imend├Ârffer, Jane Smithard, Graham Norton,
HRB 21284 (AG N├╝rnberg)


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.