File _patchinfo of Package patchinfo.4755

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.4755

<patchinfo incident="4755">
  <issue id="968565" tracker="bnc">VUL-0: wireshark: multiple vulnerabilities fixes in 1.12.10, 2.0.2</issue>
  <issue id="961170" tracker="bnc">Package wireshark should not depend on wireshark-ui</issue>
  <issue id="CVE-2016-2530" tracker="cve" />
  <issue id="CVE-2016-2531" tracker="cve" />
  <issue id="CVE-2016-2532" tracker="cve" />
  <issue id="CVE-2016-2523" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>Wireshark was updated to 1.12.10, fixing a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file, specifically:
- CVE-2016-2523: DNP dissector infinite loop (wnpa-sec-2016-03)
- CVE-2016-2530: RSL dissector crash (wnpa-sec-2016-10)
- CVE-2016-2531: RSL dissector crash (wnpa-sec-2016-10)
- CVE-2016-2532: LLRP dissector crash (wnpa-sec-2016-11)
- GSM A-bis OML dissector crash (wnpa-sec-2016-14)
- ASN.1 BER dissector crash (wnpa-sec-2016-15)
- ASN.1 BER dissector crash (wnpa-sec-2016-18)

Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.10.html

The following non-security bugs were fixed:

- boo#961170: Recommend wireshark-ui instead of requiring it to support text-only used
</description>
  <summary>Security update for wireshark</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.4755

Places