[Bugfix release] Multiple vulnerabilities fixed in Wireshark 1.6.2
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| wireshark (Debian) |
Fix Released
|
Undecided
|
Unassigned | ||
| wireshark (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
The following vulnerabilities have been fixed.
- A large loop in the OpenSafety dissector could cause a crash. [1]
Versions affected: 1.6.0 to 1.6.1.
- A malformed IKE packet could consume excessive resources. [2] [3]
Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
- A malformed capture file could result in an invalid root tvbuff and cause a crash. [4]
Versions affected: 1.6.0 to 1.6.1.
- Wireshark could run arbitrary Lua scripts. [5]
Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
- The CSN.1 dissector could crash. [6]
Versions affected: 1.6.0 to 1.6.1.
[1] http://
[2] http://
[3] http://
[4] http://
[5] http://
[6] http://
More info: http://
As I see on ubuntu wiki, it seems a FeatureFreeze Exception for bugfix-only updates [7] since there aren't any new feature in this release. [8]
[7] https:/
[8] http://
CVE References
| visibility: | private → public |
| Changed in wireshark (Ubuntu): | |
| status: | New → Confirmed |
| description: | updated |
| summary: |
- [Security] Multiple vulnerabilities fixed in wireshark 1.6.2 + [Bugfix release] Multiple vulnerabilities fixed in Wireshark 1.6.2 |
| description: | updated |
| Iain Lane (laney) wrote | #1 |
| Changed in wireshark (Debian): | |
| status: | New → Fix Released |
| Changed in wireshark (Ubuntu): | |
| status: | Confirmed → Fix Released |
No need for the release team to review this; please upload as normal.