2011-09-09 18:25:56 |
Cosme Domínguez |
bug |
|
|
added bug |
2011-09-09 18:28:10 |
Cosme Domínguez |
cve linked |
|
2011-3266 |
|
2011-09-09 20:38:27 |
Jamie Strandboge |
visibility |
private |
public |
|
2011-09-09 20:40:52 |
Jamie Strandboge |
wireshark (Ubuntu): status |
New |
Confirmed |
|
2011-09-10 22:52:48 |
Cosme Domínguez |
summary |
[Security] Multiple vulnerabilities fixed in wireshark 1.6.2 |
[Bugfix release] Multiple vulnerabilities fixed in Wireshark 1.6.2 |
|
2011-09-10 22:52:48 |
Cosme Domínguez |
description |
The following vulnerabilities have been fixed.
http://www.wireshark.org/security/wnpa-sec-2011-12.html
A large loop in the OpenSafety dissector could cause a crash. (Bug 6138)
Versions affected: 1.6.0 to 1.6.1.
http://www.wireshark.org/security/wnpa-sec-2011-13.html
A malformed IKE packet could consume excessive resources.
Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3266
http://www.wireshark.org/security/wnpa-sec-2011-14.html
A malformed capture file could result in an invalid root tvbuff and cause a crash. (Bug 6135)
Versions affected: 1.6.0 to 1.6.1.
http://www.wireshark.org/security/wnpa-sec-2011-15.html
Wireshark could run arbitrary Lua scripts. (Bug 6136)
Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
http://www.wireshark.org/security/wnpa-sec-2011-16.html
The CSN.1 dissector could crash. (Bug 6139)
Versions affected: 1.6.0 to 1.6.1. |
The following vulnerabilities have been fixed.
- A large loop in the OpenSafety dissector could cause a crash. (Bug 6138) [1]
Versions affected: 1.6.0 to 1.6.1.
- A malformed IKE packet could consume excessive resources. [2] [3]
Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
- A malformed capture file could result in an invalid root tvbuff and cause a crash. (Bug 6135) [4]
Versions affected: 1.6.0 to 1.6.1.
- Wireshark could run arbitrary Lua scripts. (Bug 6136) [5]
Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
- The CSN.1 dissector could crash. (Bug 6139) [6]
Versions affected: 1.6.0 to 1.6.1.
[1] http://www.wireshark.org/security/wnpa-sec-2011-12.html
[2] http://www.wireshark.org/security/wnpa-sec-2011-13.html
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3266
[4] http://www.wireshark.org/security/wnpa-sec-2011-14.html
[5] http://www.wireshark.org/security/wnpa-sec-2011-15.html
[6] http://www.wireshark.org/security/wnpa-sec-2011-16.html
More info: http://www.wireshark.org/docs/relnotes/wireshark-1.6.2.html#BugFixes
As I see on the Ubuntu wiki, it seems to be a FeatureFreeze Exception for bugfix-only updates [7]
[7] https://wiki.ubuntu.com/FreezeExceptionProcess#FeatureFreeze_for_bugfix-only_updates |
|
2011-09-10 22:54:36 |
Cosme Domínguez |
description |
The following vulnerabilities have been fixed.
- A large loop in the OpenSafety dissector could cause a crash. (Bug 6138) [1]
Versions affected: 1.6.0 to 1.6.1.
- A malformed IKE packet could consume excessive resources. [2] [3]
Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
- A malformed capture file could result in an invalid root tvbuff and cause a crash. (Bug 6135) [4]
Versions affected: 1.6.0 to 1.6.1.
- Wireshark could run arbitrary Lua scripts. (Bug 6136) [5]
Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
- The CSN.1 dissector could crash. (Bug 6139) [6]
Versions affected: 1.6.0 to 1.6.1.
[1] http://www.wireshark.org/security/wnpa-sec-2011-12.html
[2] http://www.wireshark.org/security/wnpa-sec-2011-13.html
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3266
[4] http://www.wireshark.org/security/wnpa-sec-2011-14.html
[5] http://www.wireshark.org/security/wnpa-sec-2011-15.html
[6] http://www.wireshark.org/security/wnpa-sec-2011-16.html
More info: http://www.wireshark.org/docs/relnotes/wireshark-1.6.2.html#BugFixes
As I see on the Ubuntu wiki, it seems to be a FeatureFreeze Exception for bugfix-only updates [7]
[7] https://wiki.ubuntu.com/FreezeExceptionProcess#FeatureFreeze_for_bugfix-only_updates |
The following vulnerabilities have been fixed.
- A large loop in the OpenSafety dissector could cause a crash. [1]
Versions affected: 1.6.0 to 1.6.1.
- A malformed IKE packet could consume excessive resources. [2] [3]
Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
- A malformed capture file could result in an invalid root tvbuff and cause a crash. [4]
Versions affected: 1.6.0 to 1.6.1.
- Wireshark could run arbitrary Lua scripts. [5]
Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
- The CSN.1 dissector could crash. [6]
Versions affected: 1.6.0 to 1.6.1.
[1] http://www.wireshark.org/security/wnpa-sec-2011-12.html
[2] http://www.wireshark.org/security/wnpa-sec-2011-13.html
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3266
[4] http://www.wireshark.org/security/wnpa-sec-2011-14.html
[5] http://www.wireshark.org/security/wnpa-sec-2011-15.html
[6] http://www.wireshark.org/security/wnpa-sec-2011-16.html
More info: http://www.wireshark.org/docs/relnotes/wireshark-1.6.2.html#BugFixes
As I see on the Ubuntu wiki, it seems to be a FeatureFreeze Exception for bugfix-only updates [7] since there aren't any new features in this release. [8]
[7] https://wiki.ubuntu.com/FreezeExceptionProcess#FeatureFreeze_for_bugfix-only_updates
[8] http://www.wireshark.org/docs/relnotes/wireshark-1.6.2.html#NewFeatures |
|
2011-09-10 22:59:08 |
Cosme Domínguez |
bug task added |
|
wireshark (Debian) |
|
2011-09-10 23:08:13 |
Cosme Domínguez |
bug |
|
|
added subscriber Ubuntu Release Team |
2011-09-21 10:17:16 |
Iain Lane |
removed subscriber Ubuntu Release Team |
|
|
|
2011-10-09 16:18:14 |
Cosme Domínguez |
wireshark (Debian): status |
New |
Fix Released |
|
2011-10-09 16:18:15 |
Cosme Domínguez |
wireshark (Ubuntu): status |
Confirmed |
Fix Released |
|