Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 9 Jun 2016 13:16:09 +0200
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE Request: wireshark releases

Hello,

On 06/08/2016 09:28 AM, Marcus Meissner wrote:
> Please assign CVEs to the current wireshark releases (if not done so).
>
> Wireshark 2.0.4
> https://www.wireshark.org/lists/wireshark-announce/201606/msg00000.html
>
> Wireshark 1.12.12
> https://www.wireshark.org/lists/wireshark-announce/201606/msg00001.html

Specifically:


https://www.wireshark.org/security/wnpa-sec-2016-29
<https://www.wireshark.org/security/wnpa-sec-2016-29.html>
SPOOLS infinite loop. Fixed in 2.0.4, 1.12.12.
https://github.com/wireshark/wireshark/commit/b4d16b4495b732888e12baf5b8a7e9bf2665e22b


https://www.wireshark.org/security/wnpa-sec-2016-30
<https://www.wireshark.org/security/wnpa-sec-2016-30.html>
IEEE 802.11 dissector crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11585
https://github.com/wireshark/wireshark/commit/9b0b20b8d5f8c9f7839d58ff6c5900f7e19283b4


https://www.wireshark.org/security/wnpa-sec-2016-31
<https://www.wireshark.org/security/wnpa-sec-2016-31.html>
IEEE 802.11 dissector crash, different from wpna-sec-2016-30. Fixed in
2.0.4.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12175
https://github.com/wireshark/wireshark/commit/b6d838eebf4456192360654092e5587c5207f185


https://www.wireshark.org/security/wnpa-sec-2016-32
<https://www.wireshark.org/security/wnpa-sec-2016-32.html>
UMTS FP crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12191
https://github.com/wireshark/wireshark/commit/7d7190695ce2ff269fdffb04e87139995cde21f4


https://www.wireshark.org/security/wnpa-sec-2016-33
<https://www.wireshark.org/security/wnpa-sec-2016-33.html>
USB dissector crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12356
https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6


https://www.wireshark.org/security/wnpa-sec-2016-34
<https://www.wireshark.org/security/wnpa-sec-2016-34.html>
Toshiba file parser crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12394
https://github.com/wireshark/wireshark/commit/3270dfac43da861c714df76513456b46765ff47f
https://github.com/wireshark/wireshark/commit/5efb45231671baa2db2011d8f67f9d6e72bc455b


https://www.wireshark.org/security/wnpa-sec-2016-35
<https://www.wireshark.org/security/wnpa-sec-2016-35.html>
CoSine file parser crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12395
https://github.com/wireshark/wireshark/commit/a66628e425db725df1ac52a3c573a03357060ddd
https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500


https://www.wireshark.org/security/wnpa-sec-2016-36
<https://www.wireshark.org/security/wnpa-sec-2016-36.html>
NetScreen file parser crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12396
https://github.com/wireshark/wireshark/commit/11edc83b98a61e890d7bb01855389d40e984ea82
https://github.com/wireshark/wireshark/commit/6a140eca7b78b230f1f90a739a32257476513c78


https://www.wireshark.org/security/wnpa-sec-2016-37
<https://www.wireshark.org/security/wnpa-sec-2016-37.html>
Ethernet dissector crash. Fixed in 2.0.4.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12440
https://github.com/wireshark/wireshark/commit/2c13e97d656c1c0ac4d76eb9d307664aae0e0cf7


https://www.wireshark.org/security/wnpa-sec-2016-38
<https://www.wireshark.org/security/wnpa-sec-2016-38.html>
WBXML infinite loop. Fixed in 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12408
https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0


Andreas

-- 
Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.