[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 198-1] wireshark security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package        : wireshark
Version        : 1.8.2-5wheezy15~deb6u1
CVE ID         : CVE-2015-2191 CVE-2015-2188 CVE-2015-0564 CVE-2015-0562
                 CVE-2014-8714 CVE-2014-8713 CVE-2014-8712 CVE-2014-8711
                 CVE-2014-8710 CVE-2014-6432 CVE-2014-6431 CVE-2014-6430
                 CVE-2014-6429 CVE-2014-6428 CVE-2014-6423 CVE-2014-6422

The following vulnerabilities were discovered in the Squeeze's Wireshark
version:

 CVE-2015-2188 The WCP dissector could crash
 CVE-2015-0564 Wireshark could crash while decypting TLS/SSL sessions
 CVE-2015-0562 The DEC DNA Routing Protocol dissector could crash
 CVE-2014-8714 TN5250 infinite loops
 CVE-2014-8713 NCP crashes
 CVE-2014-8712 NCP crashes
 CVE-2014-8711 AMQP crash
 CVE-2014-8710 SigComp UDVM buffer overflow
 CVE-2014-6432 Sniffer file parser crash
 CVE-2014-6431 Sniffer file parser crash
 CVE-2014-6430 Sniffer file parser crash
 CVE-2014-6429 Sniffer file parser crash
 CVE-2014-6428 SES dissector crash
 CVE-2014-6423 MEGACO dissector infinite loop
 CVE-2014-6422 RTP dissector crash

Since back-porting upstream patches to 1.2.11-6+squeeze15 did not fix
all the outstanding issues and some issues are not even tracked publicly
the LTS Team decided to sync squeeze-lts's wireshark package with
wheezy-security to provide the best possible security support.

Note that upgrading Wireshark from 1.2.x to 1.8.x introduces
several backward-incompatible changes in package structure, shared
library API/ABI, availability of dissectors and in syntax of command
line parameters.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVN224AAoJEPZk0la0aRp9XboP/0VJygAKv91+16dBUkhqvR2Y
R4DGPmJJP27zdXS8OMHFVfEBqeoLno9qQVqZGVCqW0TfU3RyHkQl0GX/ojRj+yy1
Z8dD+MbpUqNmgNelityjsiXmvNn42SK3Uvu9Ys6qOAWaAirrx3HiNPSRtvnQLq/Q
kzB86dM+EdhDyqyHIKct/TPGIBExOebKQeBdZJOsGykIDSs/D3gpVLtnXhXGpuci
f5+h8tal+yoFGA6nqmHsNMVEoHGZPHzPHATywiQhUcPrhBQAebLfpB0C831vkhD9
+7N451WA5r3pw9nI+psNARqKPg73GKKl+/pI/Mk3/MfSkU6WmtNx61yAG1uqWLKv
vY8OyiprCToPznqWdASpfnLCjtOLw6g1LAkIZO+Se4n1I9v0Jwoi56WmCKEUoXBJ
7i/5W2XPzbfocEc2OVCVVqV99Ds5wM4uuZqwtO8TYZjxmWA71qcKknaTrjLX93DP
+X4WVFXKhpDJG0E0lWXKoa5QBirstl6E9Up1jpMG/uh7WZmfBvLLqvCZbFYKkgBm
7hImI2UwYq+0vNmWXTp1zyvg4qFu74AgmgeLHoCWs1WReeC2PIYtqwg0ODZWvwsE
CWybNhcz3zM+OC9Z+7XQgy0TqFCbr5g5L93ZdqTQlE9PBFm7LnTGMMnX2Oug/vG5
Q0EFsaK+lGkrIMa5AOsP
=NQby
-----END PGP SIGNATURE-----
Reply to: