Updated wireshark packages fix multiple vulnerabilities
Publication date: 22 Nov 2013Modification date: 22 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-6336 , CVE-2013-6337 , CVE-2013-6338 , CVE-2013-6339 , CVE-2013-6340
Description
Updated wireshark packages fix security vulnerabilities:
The IEEE 802.15.4 dissector could crash (CVE-2013-6336).
The NBAP dissector could crash (CVE-2013-6337).
The SIP dissector could crash (CVE-2013-6338).
The OpenWire dissector could go into a large loop (CVE-2013-6339).
The TCP dissector could crash (CVE-2013-6340).
References
- https://www.wireshark.org/security/wnpa-sec-2013-61.html
- https://www.wireshark.org/security/wnpa-sec-2013-62.html
- https://www.wireshark.org/security/wnpa-sec-2013-63.html
- https://www.wireshark.org/security/wnpa-sec-2013-64.html
- https://www.wireshark.org/security/wnpa-sec-2013-65.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.11.html
- http://www.wireshark.org/news/20131101.html
- https://bugs.mageia.org/show_bug.cgi?id=11579
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6336
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6337
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6338
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6339
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6340
SRPMS
2/core
- wireshark-1.8.11-1.mga2
3/core
- wireshark-1.8.11-1.mga3