| Summary: | wireshark new security vulnerabilities fixed in 1.4.12 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Florian Hubold <doktor5000> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, olivier.delaune, sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | CVE: | ||
| Status comment: | |||
Testing on 64-bits system. Basic tests performed (packet capture, ...). It is working well. CC:
(none) =>
olivier.delaune Validating the update.
Could someone from the sysadmin team push the srpm
wireshark-1.4.12-1.mga1.src.rpm
from Core Updates Testing to Core Updates.
Advisory:
o The ANSI A dissector could dereference a NULL pointer and crash
( http://www.wireshark.org/security/wnpa-sec-2012-04.html )
o The pcap and pcap-ng file parsers could crash trying to read ERF data
( http://www.wireshark.org/security/wnpa-sec-2012-06.html )
o The MP2T dissector could try to allocate too much memory and crash
( http://www.wireshark.org/security/wnpa-sec-2012-07.html )
o fixes 13 various other bugs (not security-related)
Other fixes in this release:
o fixes 13 various other bugs (not security-related)
https://bugs.mageia.org/show_bug.cgi?id=5164Keywords:
(none) =>
validated_update update pushed Status:
NEW =>
RESOLVED |
There is now wireshark-1.4.12-1.mga1 in core/updates_testing to validate ------------------------------------------------------- Suggested advisory: ------------------- o The ANSI A dissector could dereference a NULL pointer and crash ( http://www.wireshark.org/security/wnpa-sec-2012-04.html ) o The pcap and pcap-ng file parsers could crash trying to read ERF data ( http://www.wireshark.org/security/wnpa-sec-2012-06.html ) o The MP2T dissector could try to allocate too much memory and crash ( http://www.wireshark.org/security/wnpa-sec-2012-07.html ) o fixes 13 various other bugs (not security-related) Other fixes in this release: o fixes 13 various other bugs (not security-related) ------------------------------------------------------- Steps to reproduce: - install/update to update candidate - POCs/capture files available from following bug reports: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6823 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6804 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6833 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5939 (this last one is not security-related, but still a crasher bug)