Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • aports aports
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 726
    • Issues 726
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 327
    • Merge requests 327
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • alpine
  • aportsaports
  • Issues
  • #1923
Closed
Open
Created May 21, 2013 by Peter Kotcauer@kocka

[v2.2] Wireshark 1.8.7 and 1.6.15 fixes several security issues

Wireshark upstream has released 1.8.7, 1.6.15 versions,
correcting multiple security flaws:

  1. http://www.wireshark.org/security/wnpa-sec-2013-31.html

Use CVE-2013-3561. Note that this CVE is shared with issues covered by
wnpa-sec-2013-30 and (part of) wnpa-sec-2013-29.

  1. http://www.wireshark.org/security/wnpa-sec-2013-30.html

Use CVE-2013-3561. Note that this CVE is shared with issues covered by
wnpa-sec-2013-31 and (part of) wnpa-sec-2013-29.

  1. http://www.wireshark.org/security/wnpa-sec-2013-29.html

Use CVE-2013-3561 for the Bug 8448 issue. Note that this CVE is shared
with issues covered by wnpa-sec-2013-30 and wnpa-sec-2013-31.

Use CVE-2013-3562 for the Bug 8449 issue.

  1. http://www.wireshark.org/security/wnpa-sec-2013-28.html

Use CVE-2013-3560.

  1. http://www.wireshark.org/security/wnpa-sec-2013-27.html

Use CVE-2013-3559.

  1. http://www.wireshark.org/security/wnpa-sec-2013-26.html

Use CVE-2013-3558.

  1. http://www.wireshark.org/security/wnpa-sec-2013-25.html

Use CVE-2013-3556 for the Bug 8599 issue addressed in r48943.

Use CVE-2013-3557 for the Bug 8599 issue addressed in r48944.

It is possible that CVE-2013-3556 only affects people who made their
own builds from the Wireshark trunk, and does not affect users of any
Wireshark release. Although MITRE does not always assign CVE names for
such development-code issues, in this case it is useful for clarifying
the scope of CVE-2013-3557.

  1. http://www.wireshark.org/security/wnpa-sec-2013-24.html

Use CVE-2013-3555.

  1. http://www.wireshark.org/security/wnpa-sec-2013-23.html

Further Note regarding 9):
The CVE-2013-2486 && CVE-2013-2487 identifiers
have been originally assigned for the 9) issue for the
fix in v1.8.6. The patch should contain two patches,
but only one was applied. Not sure if a new CVE identifier
should be assigned for this case.

See comment 13 in Wireshark bug 8364. CVE-2013-2486 is about revision
47805, and CVE-2013-2487 is about revision 47808 (an issue with a
different discoverer than 47805). MITRE will later publish an update
to the information about affected versions within our CVE-2013-2486
description.

(from redmine: issue id 1923, created on 2013-05-21, closed on 2013-05-22)

  • Relations:
    • parent #1918 (closed)
  • Changesets:
    • Revision c624044a by Natanael Copa on 2013-05-21T11:57:13Z:
main/wireshark: security upgrade to 1.6.15 (CVE-2013-3555,CVE-2013-3556,CVE-2013-3557,CVE-2013-3558,CVE-2013-3559,CVE-2013-3560,CVE-2013-3561,CVE-2013-3562)

fixes #1923
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking