Bug 7780

Summary:	[UPDATE REQUEST] wireshark 2.0.12 CVE-2017-6014
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Zombie Ryushu <zombie.ryushu>
Component:	Packages from Main	Assignee:	ROSA Linux Bugs <bugs>
Status:	RESOLVED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	normal
Priority:	Normal	CC:	alzim, andrey.bondrov, denis.silakov
Version:	Fresh
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	https://advisories.mageia.org/MGASA-2017-0076.html
Whiteboard:
Platform:	---	ROSA Vulnerability identifier:
RPM Package:	wireshark	ISO-related:
Bad POT generating:		Upstream:

Description Zombie Ryushu 2017-03-13 02:13:03 MSK

The wireshark package has been updated to version 2.0.11, which fixes two
security issues where a malformed packet trace could cause it to crash or
go into an infinite loop, and fixes several other bugs as well.  See the
release notes for details.

 CVE-2017-6014

Comment 1 Zombie Ryushu 2017-03-22 16:15:40 MSK

Additional CVEs.

CVE ID         : CVE-2017-5596 CVE-2017-5597 CVE-2017-6014 CVE-2017-6467 
                 CVE-2017-6468 CVE-2017-6469 CVE-2017-6470 CVE-2017-6471 
                 CVE-2017-6472 CVE-2017-6473 CVE-2017-6474

It was discovered that wireshark, a network protocol analyzer, contained
several vulnerabilities in the dissectors for ASTERIX , DHCPv6,
NetScaler, LDSS, IAX2, WSP, K12 and STANAG 4607, that could lead to
various crashes, denial-of-service or execution of arbitrary code.

Comment 2 Zombie Ryushu 2017-04-21 15:50:45 MSK

The wireshark package has been updated to version 2.0.12, which fixes
multiple security issues where a malformed packet trace could cause it to
crash or go into an infinite loop, and fixes several other bugs as well.
See the release notes for details.
                

References

    https://bugs.mageia.org/show_bug.cgi?id=20673
    https://www.wireshark.org/security/wnpa-sec-2017-04.html
    https://www.wireshark.org/security/wnpa-sec-2017-12.html
    https://www.wireshark.org/security/wnpa-sec-2017-13.html
    https://www.wireshark.org/security/wnpa-sec-2017-14.html
    https://www.wireshark.org/security/wnpa-sec-2017-15.html
    https://www.wireshark.org/security/wnpa-sec-2017-16.html
    https://www.wireshark.org/security/wnpa-sec-2017-18.html
    https://www.wireshark.org/security/wnpa-sec-2017-19.html
    https://www.wireshark.org/security/wnpa-sec-2017-20.html
    https://www.wireshark.org/security/wnpa-sec-2017-21.html
    https://www.wireshark.org/docs/relnotes/wireshark-2.0.12.html
    https://www.wireshark.org/news/20170412.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6742
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7700
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7701
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7702
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7703
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7705

Comment 3 Denis Silakov 2017-04-27 13:29:12 MSK

Updated.