Advisories ยป MGASA-2016-0091

Updated wireshark packages fix security vulnerabilities

Publication date: 02 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2522 , CVE-2016-2523 , CVE-2016-2524 , CVE-2016-2525 , CVE-2016-2526 , CVE-2016-2527 , CVE-2016-2528 , CVE-2016-2529 , CVE-2016-2530 , CVE-2016-2531 , CVE-2016-2532


Updated wireshark packages fix security vulnerabilities:

ASN.1 BER dissector crash (CVE-2016-2522).

DNP dissector infinite loop (CVE-2016-2523).

X.509AF dissector crash (CVE-2016-2524).

HTTP/2 dissector crash (CVE-2016-2525).

HiQnet dissector crash (CVE-2016-2526).

3GPP TS 32.423 Trace file parser crash (CVE-2016-2527).

LBMC dissector crash (CVE-2016-2528).

iSeries file parser crash (CVE-2016-2529).

RSL dissector crash (CVE-2016-2530, CVE-2016-2531).

LLRP dissector crash (CVE-2016-2532).

The wireshark package has been updated to version 2.0.2, fixing these issues as
well as other dissector crashes, a dissector loop issue, another file parser
crash, and several other bugs.  See the upstream release notes for details.