[v2.6] wireshark: upgrade to 1.8.9. fixes various security vulnerabilities
What’s New
Bug Fixes
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2013-41
  The DCP ETSI dissector could crash. ([2]Bug 8717)
  Versions affected: 1.10.0, 1.8.0 to 1.8.7
  [3]CVE-2013-4083
* [4]wnpa-sec-2013-42
  The P1 dissector could crash. Discovered by Laurent Butti. ([5]Bug 8826)
  Versions affected: 1.10.0
  [6]CVE-2013-4920
* [7]wnpa-sec-2013-43
  The Radiotap dissector could crash. Discovered by Laurent Butti. ([8]Bug 8830)
  Versions affected: 1.10.0
  [9]CVE-2013-4921
* [10]wnpa-sec-2013-44
  The DCOM ISystemActivator dissector could crash. Discovered by Laurent Butti. ([11]Bug 8828)
  Versions affected: 1.10.0
  [12]CVE-2013-4922 [13]CVE-2013-4923 [14]CVE-2013-4924 [15]CVE-2013-4925 [16]CVE-2013-4926
* [17]wnpa-sec-2013-45
  The Bluetooth SDP dissector could go into a large loop. Discovered by Laurent Butti. ([18]Bug 8831)
  Versions affected: 1.10.0, 1.8.0 to 1.8.8
  [19]CVE-2013-4927
* [20]wnpa-sec-2013-46
  The Bluetooth OBEX dissector could go into an infinite loop. ([21]Bug 8875)
  Versions affected: 1.10.0
  [22]CVE-2013-4928
* [23]wnpa-sec-2013-47
  The DIS dissector could go into a large loop. ([24]Bug 8911)
  Versions affected: 1.10.0, 1.8.0 to 1.8.8
  [25]CVE-2013-4929
* [26]wnpa-sec-2013-48
  The DVB-CI dissector could crash. Discovered by Laurent Butti. ([27]Bug 8916)
  Versions affected: 1.10.0, 1.8.0 to 1.8.8
  [28]CVE-2013-4930
* [29]wnpa-sec-2013-49
  The GSM RR dissector (and possibly others) could go into a large loop. ([30]Bug 8923)
  Versions affected: 1.10.0, 1.8.0 to 1.8.8
  [31]CVE-2013-4931
* [32]wnpa-sec-2013-50
  The GSM A Common dissector could crash. ([33]Bug 8940)
  Versions affected: 1.10.0, 1.8.0 to 1.8.8
  [34]CVE-2013-4932
* [35]wnpa-sec-2013-51
  The Netmon file parser could crash. Discovered by G. Geshev. ([36]Bug 8742)
  Versions affected: 1.10.0, 1.8.0 to 1.8.8
  [37]CVE-2013-4933 [38]CVE-2013-4934
* [39]wnpa-sec-2013-52
  The ASN.1 PER dissector could crash. Discovered by Oliver-Tobias Ripka. ([40]Bug 8722)
  Versions affected: 1.10.0, 1.8.0 to 1.8.8
  [41]CVE-2013-4935
* [42]wnpa-sec-2013-53
  The PROFINET Real-Time dissector could crash. ([43]Bug 8904)
  Versions affected: 1.10.0
  [44]CVE-2013-4936
http://www.wireshark.org/lists/wireshark-announce/201307/msg00000.html
(from redmine: issue id 2181, created on 2013-07-29, closed on 2013-07-30)
- Relations:
- parent #2179 (closed)
- Changesets:
- Revision c0ed1cbf by Natanael Copa on 2013-07-30T14:59:42Z:
main/wireshark: security upgrade to 1.8.9 (CVE-2013-4927,CVE-2013-4929,CVE-2013-4930,CVE-2013-4931,CVE-2013-4932,CVE-2013-4933,CVE-2013-4934,CVE-2013-4935)
ref #2179
fixes #2181