Security update for wireshark

SUSE Security Update: Security update for wireshark
Announcement ID: SUSE-SU-2013:0322-1
Rating: moderate
References: #801131
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 11 SP2
  • SUSE Linux Enterprise Server 11 SP2 for VMware
  • SUSE Linux Enterprise Server 11 SP2
  • SUSE Linux Enterprise Server 10 SP4
  • SUSE Linux Enterprise Desktop 11 SP2
  • SUSE Linux Enterprise Desktop 10 SP4
  • SLE SDK 10 SP4
    		•

    An update that contains security fixes can now be installed. It includes one version update.

    Description:


    wireshark was updated to 1.8.5 (bnc#801131), fixing bugs
    and security issues:

    The following vulnerabilities have been fixed:

    * Infinite and large loops in the Bluetooth HCI, CSN.1,
    DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS,
    R3, RTPS, SDP, and SIP dissectors wnpa-sec-2013-01
    CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575
    CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579
    CVE-2013-1580 CVE-2013-1581
    * The CLNP dissector could crash wnpa-sec-2013-02
    CVE-2013-1582
    * The DTN dissector could crash wnpa-sec-2013-03
    CVE-2013-1583 CVE-2013-1584
    * The MS-MMC dissector (and possibly others) could
    crash wnpa-sec-2013-04 CVE-2013-1585
    * The DTLS dissector could crash wnpa-sec-2013-05
    CVE-2013-1586
    * The ROHC dissector could crash wnpa-sec-2013-06
    CVE-2013-1587
    * The DCP-ETSI dissector could corrupt memory
    wnpa-sec-2013-07 CVE-2013-1588
    * The Wireshark dissection engine could crash
    wnpa-sec-2013-08 CVE-2013-1589
    * The NTLMSSP dissector could overflow a buffer
    wnpa-sec-2013-09 CVE-2013-1590

    Further bug fixes and updated protocol support as listed in:

    http://www.wireshark.org/docs/relnotes/wireshark-1.8.5.html
    >

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-wireshark-7317
    • SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-wireshark-7317
    • SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-wireshark-7317
    • SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-wireshark-7317

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.5]:
    • wireshark-devel-1.8.5-0.2.1
    • SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.8.5]:
    • wireshark-1.8.5-0.2.1
    • SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 1.8.5]:
    • wireshark-1.8.5-0.2.1
    • SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.5]:
    • wireshark-1.8.5-0.2.1
    • SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
    • wireshark-1.6.13-0.5.1
    • wireshark-devel-1.6.13-0.5.1
    • SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.8.5]:
    • wireshark-1.8.5-0.2.1
    • SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
    • wireshark-1.6.13-0.5.1
    • SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
    • wireshark-devel-1.6.13-0.5.1

    References:

    • https://bugzilla.novell.com/801131
    • http://download.suse.com/patch/finder/?keywords=00d047ef2619f2e2b31e0f986b29d382
    • http://download.suse.com/patch/finder/?keywords=90ed0d8af6b9a4a1e0c3b81971586592