[3.2] wireshark: Multiple issues (CVE-2016-2521, CVE-2016-2523, CVE-2016-2530, CVE-2016-2531, CVE-2016-2532)
CVE-2016-2521: DLL hijacking.
Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
Fixed versions: 2.0.2, 1.12.10
https://www.wireshark.org/security/wnpa-sec-2016-01.html
CVE-2016-2523: The DNP3 dissector could go into an infinite loop.
Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
Fixed versions: 2.0.2, 1.12.10
https://www.wireshark.org/security/wnpa-sec-2016-03.html
CVE-2016-2530, CVE-2016-2531: The RSL dissector could crash.
Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
Fixed versions: 2.0.2, 1.12.10
https://www.wireshark.org/security/wnpa-sec-2016-10.html
CVE-2016-2532: The LLRP dissector could crash.
Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
Fixed versions: 2.0.2, 1.12.10
https://www.wireshark.org/security/wnpa-sec-2016-11.html
(from redmine: issue id 5227, created on 2016-03-07, closed on 2016-04-12)
- Relations:
- parent #5225 (closed)
- Changesets:
- Revision 6a4c881b on 2016-03-09T07:36:37Z:
main/wireshark: security upgrade to 1.12.10. Fixes #5223, fixes #5227
CVE-2015-8711: The NBAP dissector could crash
CVE-2015-8718: The NLM dissector could crash
CVE-2015-8720: ASN.1 BER-based dissectors could crash
CVE-2015-8721: Dissectors which use zlib decompression could crash
CVE-2015-8722: The SCTP dissector could crash
CVE-2015-8723: The 802.11 dissector could crash
CVE-2015-8725: The DIAMETER dissector could crash
CVE-2015-8726: The VeriWave file parser could crash
CVE-2015-8727: The RSVP dissector could crash
CVE-2015-8728: The ANSI A and GSM A dissectors could crash
CVE-2015-8729: The Ascend file parser could crash
CVE-2015-8730: The NBAP dissector could crash
CVE-2015-8731: The RSL dissector could crash
CVE-2015-8732: The ZigBee ZCL dissector could crash
CVE-2015-8733: The Sniffer file parser could crash
CVE-2015-8734: The NWP dissector could crash
CVE-2015-8735: The Bluetooth Attribute dissector could crash
CVE-2015-8736: The MP2T file parser could crash
CVE-2015-8737: The MP2T file parser could crash
CVE-2015-8738: The S7COMM dissector could crash
CVE-2015-2529: The iSeries file parser could crash
CVE-2016-2521: DLL hijacking
CVE-2016-2522: The ASN.1 BER dissector could crash
CVE-2016-2523: The DNP3 dissector could go into an infinite loop
CVE-2016-2524: The X.509AF dissector could crash
CVE-2016-2525: The HTTP/2 dissector could crash
CVE-2016-2526: The HiQnet dissector could crash
CVE-2016-2527: The 3GPP TS 32.423 Trace file parser could crash
CVE-2016-2528: The LBMC dissector could crash
CVE-2016-2530, CVE-2016-2531: The RSL dissector could crash
CVE-2016-2532: The LLRP dissector could crash