Advisories » MGASA-2016-0091

Updated wireshark packages fix security vulnerabilities

Publication date: 02 Mar 2016
Modification date: 02 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2522 , CVE-2016-2523 , CVE-2016-2524 , CVE-2016-2525 , CVE-2016-2526 , CVE-2016-2527 , CVE-2016-2528 , CVE-2016-2529 , CVE-2016-2530 , CVE-2016-2531 , CVE-2016-2532

Description

Updated wireshark packages fix security vulnerabilities:

ASN.1 BER dissector crash (CVE-2016-2522).

DNP dissector infinite loop (CVE-2016-2523).

X.509AF dissector crash (CVE-2016-2524).

HTTP/2 dissector crash (CVE-2016-2525).

HiQnet dissector crash (CVE-2016-2526).

3GPP TS 32.423 Trace file parser crash (CVE-2016-2527).

LBMC dissector crash (CVE-2016-2528).

iSeries file parser crash (CVE-2016-2529).

RSL dissector crash (CVE-2016-2530, CVE-2016-2531).

LLRP dissector crash (CVE-2016-2532).

The wireshark package has been updated to version 2.0.2, fixing these issues as
well as other dissector crashes, a dissector loop issue, another file parser
crash, and several other bugs.  See the upstream release notes for details.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17848
• https://www.wireshark.org/security/wnpa-sec-2016-02.html
• https://www.wireshark.org/security/wnpa-sec-2016-03.html
• https://www.wireshark.org/security/wnpa-sec-2016-04.html
• https://www.wireshark.org/security/wnpa-sec-2016-05.html
• https://www.wireshark.org/security/wnpa-sec-2016-06.html
• https://www.wireshark.org/security/wnpa-sec-2016-07.html
• https://www.wireshark.org/security/wnpa-sec-2016-08.html
• https://www.wireshark.org/security/wnpa-sec-2016-09.html
• https://www.wireshark.org/security/wnpa-sec-2016-10.html
• https://www.wireshark.org/security/wnpa-sec-2016-11.html
• https://www.wireshark.org/security/wnpa-sec-2016-12.html
• https://www.wireshark.org/security/wnpa-sec-2016-13.html
• https://www.wireshark.org/security/wnpa-sec-2016-14.html
• https://www.wireshark.org/security/wnpa-sec-2016-15.html
• https://www.wireshark.org/security/wnpa-sec-2016-16.html
• https://www.wireshark.org/security/wnpa-sec-2016-17.html
• https://www.wireshark.org/security/wnpa-sec-2016-18.html
• https://www.wireshark.org/docs/relnotes/wireshark-2.0.2.html
• https://www.wireshark.org/news/20160226.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2522
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2523
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2524
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2525
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2526
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2527
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2528
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2529
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2530
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2531
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2532

SRPMS

5/core

• wireshark-2.0.2-1.mga5