Wireshark was update to 1.10.10 [bnc#897055]
On openSUSE 12.3, the package was upgraded to 1.10.x from 1.8.x as it was discontinued.
This update fixes vulnerabilities in Wireshark that could allow
an attacker to crash Wireshark or make it become unresponsive by
sending specific packages onto the network or have it loaded via
a capture file while the dissectors are running. It also contains
a number of other bug fixes.
* RTP dissector crash
wnpa-sec-2014-12 CVE-2014-6421 CVE-2014-6422
* MEGACO dissector infinite loop
wnpa-sec-2014-13 CVE-2014-6423
* Netflow dissector crash
wnpa-sec-2014-14 CVE-2014-6424
* RTSP dissector crash
wnpa-sec-2014-17 CVE-2014-6427
* SES dissector crash
wnpa-sec-2014-18 CVE-2014-6428
* Sniffer file parser crash
wnpa-sec-2014-19 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431
CVE-2014-6432
- Further bug fixes as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html
- includes changes from 1.10.9:
fixes several crashes triggered by malformed protocol packages
- vulnerabilities fixed:
* The Catapult DCT2000 and IrDA dissectors could underrun a buffer
wnpa-sec-2014-08 CVE-2014-5161 CVE-2014-5162 (bnc#889901)
* The GSM Management dissector could crash
wnpa-sec-2014-09 CVE-2014-5163 (bnc#889906)
* The RLC dissector could crash
wnpa-sec-2014-10 CVE-2014-5164 (bnc#889900)
* The ASN.1 BER dissector could crash
wnpa-sec-2014-11 CVE-2014-5165 (bnc#889899)
- Further bug fixes as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html
- Submitted by Andreas Stieger (AndreasStieger)