Описание
ELSA-2013-1569: wireshark security, bug fix, and enhancement update (MODERATE)
[1.8.10-4.0.1.el6]
- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect
[1.8.10-4]
- fix memory leak when reassemblying a packet
- Related: #711024
[1.8.10-3]
- fix config.h conflict
- Related: #711024
[1.8.10-2]
- do not configure with setcap-install
- Related: #711024
[1.8.10-1]
- upgrade to 1.8.10
- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.10.html
- Related: #711024
[1.8.8-10]
- fix consolehelper path for dumpcap
- Related: #711024
[1.8.8-9]
- fix dumpcap group
- Related: #711024
[1.8.8-8]
- fix tshark output streams and formatting for -L, -D
- Resolves: #1004636
[1.8.8-7]
- fix double free in wiretap/netmon.c
- Related: #711024
[1.8.8-6]
- security patches
- Resolves: CVE-2013-4927 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-3557
[1.8.8-5]
- fix desktop file
- Related: #711024
[1.8.8-4]
- fix tap-iostat buffer overflow
- fix dcom string overrun
- fix sctp bytes graph crash
- fix airpcap dialog crash
- Related: #711024
[1.8.8-3]
- fix dumpcap privileges to 755
- Related: #711024
[1.8.8-2]
- new sources
- Related: #711024
[1.8.8-1]
- upgrade to 1.8.8
- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
- Resolves: #711024
- Resolves: #858976
- Resolves: #699636
- Resolves: #750712
- Resolves: #832021
- Resolves: #889346
- Resolves: #659661
- Resolves: #715560
[1.2.15-3]
- security patches
- Resolves: CVE-2011-1143 CVE-2011-1590 CVE-2011-1957 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-1958 CVE-2011-2597 CVE-2011-2698 CVE-2011-4102 CVE-2012-0041 CVE-2012-0066 CVE-2012-0067 CVE-2012-0042 CVE-2012-1595
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
wireshark
1.8.10-4.0.1.el6
wireshark-devel
1.8.10-4.0.1.el6
wireshark-gnome
1.8.10-4.0.1.el6
Oracle Linux i686
wireshark
1.8.10-4.0.1.el6
wireshark-devel
1.8.10-4.0.1.el6
wireshark-gnome
1.8.10-4.0.1.el6
Связанные CVE
Ссылки на источники
Связанные уязвимости
[REJECTED CVE] A denial of service flaw was found in the way WTP dissector of Wireshark, a network traffic analyzer, performed dissection of certain WTP packet capture files. A remote attacker could provide a specially-crafted WTP packet / packet capture that, once processed, would lead to excessive CPU consumption or into situation where tshark executable would enter an infinite loop, when trying to process the crafted packet / packet capture file.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6061. Reason: This candidate is a reservation duplicate of CVE-2012-6061. Notes: All CVE users should reference CVE-2012-6061 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.