Package name
wireshark
Date
2013-09-19
Advisory ID
MDVSA-2013:238
Affected versions
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problem description

Multiple vulnerabilities was found and corrected in Wireshark:

The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c
in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x
before 1.10.2 does not restrict the dch_id value, which allows
remote attackers to cause a denial of service (application crash)
via a crafted packet (CVE-2013-5718).

epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark
1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers
to cause a denial of service (infinite loop) via a crafted packet
(CVE-2013-5719).

Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10
and 1.10.x before 1.10.2 allows remote attackers to cause a denial
of service (application crash) via a crafted packet (CVE-2013-5720).

The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ
dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2
does not properly determine when to enter a certain loop, which allows
remote attackers to cause a denial of service (application crash)
via a crafted packet (CVE-2013-5721).

Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x
before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to
cause a denial of service (application crash) via a crafted packet
(CVE-2013-5722).

This advisory provides the latest supported version of Wireshark
(1.8.10) which is not vulnerable to these issues.

Updated packages

MES5 i586

 de61ebb8817cb8039504ca524781c497  mes5/i586/dumpcap-1.8.10-0.1mdvmes5.2.i586.rpm
 d829f01a5a5f860a6169131be9323981  mes5/i586/libwireshark2-1.8.10-0.1mdvmes5.2.i586.rpm
 b68baa4354238f3193dce302690f3787  mes5/i586/libwireshark-devel-1.8.10-0.1mdvmes5.2.i586.rpm
 c6ec2e0ece2af0f1fb61d9733e621f45  mes5/i586/rawshark-1.8.10-0.1mdvmes5.2.i586.rpm
 1bee6bed84baba1cac9902f654213c76  mes5/i586/tshark-1.8.10-0.1mdvmes5.2.i586.rpm
 c35b5c79b6a025dfe6d283a1a26409bf  mes5/i586/wireshark-1.8.10-0.1mdvmes5.2.i586.rpm
 a671049d8adb62f53db78830c5fd0e27  mes5/i586/wireshark-tools-1.8.10-0.1mdvmes5.2.i586.rpm 
 443c2e9cdc43786df065aba00f629d47  mes5/SRPMS/wireshark-1.8.10-0.1mdvmes5.2.src.rpm

MBS1 x86_64

 7e3729b680262732e67fe8235615fcdb  mbs1/x86_64/dumpcap-1.8.10-1.mbs1.x86_64.rpm
 cf73b7aef79429ed8e703e3aa8b62fa1  mbs1/x86_64/lib64wireshark2-1.8.10-1.mbs1.x86_64.rpm
 1e65c4a4df9e4808ff6d5142851603b4  mbs1/x86_64/lib64wireshark-devel-1.8.10-1.mbs1.x86_64.rpm
 772a7e69de64fe6523f0a9360132a251  mbs1/x86_64/rawshark-1.8.10-1.mbs1.x86_64.rpm
 18f520b096e6a90e36c07253e3f06cd1  mbs1/x86_64/tshark-1.8.10-1.mbs1.x86_64.rpm
 8153e002e9ad7cf5a9ba5e878e8a1dc1  mbs1/x86_64/wireshark-1.8.10-1.mbs1.x86_64.rpm
 3b10fffd6e77b81865b05c77460a21e5  mbs1/x86_64/wireshark-tools-1.8.10-1.mbs1.x86_64.rpm 
 f573422739b5d540b16831abeea42823  mbs1/SRPMS/wireshark-1.8.10-1.mbs1.src.rpm

MES5 x86_64

 d1b79b99e14e7d71cfab1f043fbf6724  mes5/x86_64/dumpcap-1.8.10-0.1mdvmes5.2.x86_64.rpm
 2094e86f1dd8f0908b5931814b03d280  mes5/x86_64/lib64wireshark2-1.8.10-0.1mdvmes5.2.x86_64.rpm
 41a032e6ea9401c3ba49c5b2a2a670bc  mes5/x86_64/lib64wireshark-devel-1.8.10-0.1mdvmes5.2.x86_64.rpm
 3dc07fa084199ba1cc6ebe6287e03583  mes5/x86_64/rawshark-1.8.10-0.1mdvmes5.2.x86_64.rpm
 05b4625a36bf25b343574f30d9538029  mes5/x86_64/tshark-1.8.10-0.1mdvmes5.2.x86_64.rpm
 02c751957b73bbe139523f4141d677fb  mes5/x86_64/wireshark-1.8.10-0.1mdvmes5.2.x86_64.rpm
 d8f93640400df0bb2f4823165cd8b738  mes5/x86_64/wireshark-tools-1.8.10-0.1mdvmes5.2.x86_64.rpm 
 443c2e9cdc43786df065aba00f629d47  mes5/SRPMS/wireshark-1.8.10-0.1mdvmes5.2.src.rpm

References