Updated wireshark packages fix security vulnerabilities
Publication date: 24 Sep 2014Modification date: 24 Sep 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-6421 , CVE-2014-6422 , CVE-2014-6423 , CVE-2014-6424 , CVE-2014-6427 , CVE-2014-6428 , CVE-2014-6429 , CVE-2014-6430 , CVE-2014-6431 , CVE-2014-6432
Description
Updated wireshark packages fix security vulnerabilities:
RTP dissector crash (CVE-2014-6421, CVE-2014-6422).
MEGACO dissector infinite loop (CVE-2014-6423).
Netflow dissector crash (CVE-2014-6424).
RTSP dissector crash (CVE-2014-6427).
SES dissector crash (CVE-2014-6428).
Sniffer file parser crash (CVE-2014-6429, CVE-2014-6430, CVE-2014-6431,
CVE-2014-6432).
References
- https://bugs.mageia.org/show_bug.cgi?id=14113
- https://www.wireshark.org/security/wnpa-sec-2014-12.html
- https://www.wireshark.org/security/wnpa-sec-2014-13.html
- https://www.wireshark.org/security/wnpa-sec-2014-14.html
- https://www.wireshark.org/security/wnpa-sec-2014-17.html
- https://www.wireshark.org/security/wnpa-sec-2014-18.html
- https://www.wireshark.org/security/wnpa-sec-2014-19.html
- https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html
- https://www.wireshark.org/news/20140916.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6421
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6422
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6423
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6424
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6427
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6428
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6429
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6430
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6431
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6432
SRPMS
4/core
- wireshark-1.10.10-1.mga4
3/core
- wireshark-1.10.10-1.mga3