Advisories » MGASA-2016-0223

Updated wireshark packages fix security vulnerability

Publication date: 13 Jun 2016
Modification date: 13 Jun 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-5350 , CVE-2016-5351 , CVE-2016-5352 , CVE-2016-5353 , CVE-2016-5354 , CVE-2016-5355 , CVE-2016-5356 , CVE-2016-5357 , CVE-2016-5358 , CVE-2016-5359

Description

Updated wireshark packages fix security vulnerabilities:

The SPOOLS dissector could go into an infinite loop (CVE-2016-5350).

The IEEE 802.11 dissector could crash (CVE-2016-5351).

The IEEE 802.11 dissector could crash (CVE-2016-5352).

The UMTS FP dissector could crash (CVE-2016-5353).

Some USB dissectors could crash (CVE-2016-5354).

The Toshiba file parser could crash (CVE-2016-5355).

The CoSine file parser could crash (CVE-2016-5356).

The NetScreen file parser could crash (CVE-2016-5357).

The Ethernet dissector could crash (CVE-2016-5358).

Infinite loop in parse_wbxml_tag_defined() in WBXML Dissector
(CVE-2016-5359).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18663
• https://www.wireshark.org/security/wnpa-sec-2016-29.html
• https://www.wireshark.org/security/wnpa-sec-2016-30.html
• https://www.wireshark.org/security/wnpa-sec-2016-31.html
• https://www.wireshark.org/security/wnpa-sec-2016-32.html
• https://www.wireshark.org/security/wnpa-sec-2016-33.html
• https://www.wireshark.org/security/wnpa-sec-2016-34.html
• https://www.wireshark.org/security/wnpa-sec-2016-35.html
• https://www.wireshark.org/security/wnpa-sec-2016-36.html
• https://www.wireshark.org/security/wnpa-sec-2016-37.html
• https://www.wireshark.org/security/wnpa-sec-2016-38.html
• https://www.wireshark.org/docs/relnotes/wireshark-2.0.4.html
• https://www.wireshark.org/news/20160607.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5350
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5351
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5352
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5353
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5354
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5355
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5356
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5357
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5358
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5359

SRPMS

5/core

• wireshark-2.0.4-1.mga5