File _patchinfo of Package patchinfo.2444
<patchinfo incident="2444">
<issue id="968565" tracker="bnc">VUL-0: wireshark: multiple vulnerabilities fixes in 1.12.10, 2.0.2</issue>
<issue id="976944" tracker="bnc">VUL-1: wireshark: multiple vulnerabilities fixes in 1.12.11, 2.0.3</issue>
<issue id="CVE-2016-2530" tracker="cve" />
<issue id="CVE-2016-2531" tracker="cve" />
<issue id="CVE-2016-2532" tracker="cve" />
<issue id="CVE-2016-2523" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>cyliu</packager>
<description>This update to Wireshark 1.12.11 fixes a number of issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packets inserted into the network or a capture file.
- The PKTC dissector could crash (wnpa-sec-2016-22)
- The PKTC dissector could crash (wnpa-sec-2016-23)
- The IAX2 dissector could go into an infinite loop (wnpa-sec-2016-24)
- Wireshark and TShark could exhaust the stack (wnpa-sec-2016-25)
- The GSM CBCH dissector could crash (wnpa-sec-2016-26)
- The NCP dissector could crash (wnpa-sec-2016-28)
- CVE-2016-2523: DNP dissector infinite loop (wnpa-sec-2016-03)
- CVE-2016-2530: RSL dissector crash (wnpa-sec-2016-10)
- CVE-2016-2531: RSL dissector crash (wnpa-sec-2016-10)
- CVE-2016-2532: LLRP dissector crash (wnpa-sec-2016-11)
- GSM A-bis OML dissector crash (wnpa-sec-2016-14)
- ASN.1 BER dissector crash (wnpa-sec-2016-15)
- ASN.1 BER dissector crash (wnpa-sec-2016-18)
Also contains further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.11.html
https://www.wireshark.org/docs/relnotes/wireshark-1.12.10.html
</description>
<summary>Security update for wireshark</summary>
</patchinfo>