Overview

File _patchinfo of Package patchinfo.334

<patchinfo incident="334">
  <issue id="912370" tracker="bnc">CVE-2015-0563: SMTP dissector crash</issue>
  <issue id="912372" tracker="bnc">CVE-2015-0564: TLS/SSL decryption crash</issue>
  <issue id="912365" tracker="bnc">CVE-2015-0559, CVE-2015-0560: WCCP dissector crash</issue>
  <issue id="912369" tracker="bnc">CVE-2015-0562: DEC DNA Routing Protocol dissector crash</issue>
  <issue id="912368" tracker="bnc">CVE-2015-0561: LPP dissector crash</issue>
  <issue id="CVE-2015-0559" tracker="cve" />
  <issue id="CVE-2015-0560" tracker="cve" />
  <issue id="CVE-2015-0561" tracker="cve" />
  <issue id="CVE-2015-0562" tracker="cve" />
  <issue id="CVE-2015-0563" tracker="cve" />
  <issue id="CVE-2015-0564" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>cyliu</packager>
  <description>
      This update fixes the following security issues:

- The following vulnerabilities allowed Wireshark to be crashed by
  injecting a malformed packet onto the wire or by convincing someone
  to read a malformed packet trace file.
  + The WCCP dissector could crash
    wnpa-sec-2015-01 CVE-2015-0559 CVE-2015-0560 [boo#912365]
  + The LPP dissector could crash.
    wnpa-sec-2015-02 CVE-2015-0561 [boo#912368]
  + The DEC DNA Routing Protocol dissector could crash.
    wnpa-sec-2015-03 CVE-2015-0562 [boo#912369]
  + The SMTP dissector could crash. 
    wnpa-sec-2015-04 CVE-2015-0563 [boo#912370]
  + Wireshark could crash while decypting TLS/SSL sessions.
    wnpa-sec-2015-05 CVE-2015-0564 [boo#912372]
</description>
  <summary>Security update for wireshark</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places