Описание
ELSA-2014-0341: wireshark security update (MODERATE)
[1.0.15-6.0.1.el5]
- Added oracle-ocfs2-network.patch
- increase max packet size to 65536 (Herbert van den Bergh) [orabug 13542633]
[1.0.15-6]
- security patches
- Resolves: CVE-2012-6056 CVE-2012-6060 CVE-2012-6061 CVE-2012-6062 CVE-2013-3557 CVE-2013-3559 CVE-2013-4081 CVE-2013-4083 CVE-2013-4927 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-5721 CVE-2013-7112 CVE-2014-2281 CVE-2014-2299
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
wireshark
1.0.15-6.0.1.el5_10
wireshark-gnome
1.0.15-6.0.1.el5_10
Oracle Linux x86_64
wireshark
1.0.15-6.0.1.el5_10
wireshark-gnome
1.0.15-6.0.1.el5_10
Oracle Linux i386
wireshark
1.0.15-6.0.1.el5_10
wireshark-gnome
1.0.15-6.0.1.el5_10
Ссылки на источники
Связанные уязвимости
ELSA-2013-1569: wireshark security, bug fix, and enhancement update (MODERATE)
[REJECTED CVE] A denial of service flaw was found in the way RTCP dissector of Wireshark, a network traffic analyzer, performed dissection of certain RTCP packet capture files. A remote attacker could provide a specially-crafted RTCP packet / packet capture that, once processed, would lead to excessive CPU consumption or into situation where tshark executable would enter an infinite loop, when trying to process the crafted packet / packet capture file.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6062. Reason: This candidate is a reservation duplicate of CVE-2012-6062. Notes: All CVE users should reference CVE-2012-6062 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count.
Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count.