Hello community, here is the log from the commit of package wireshark for openSUSE:Factory checked in at 2018-04-06 17:45:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/wireshark (Old) and /work/SRC/openSUSE:Factory/.wireshark.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wireshark" Fri Apr 6 17:45:58 2018 rev:134 rq:593716 version:2.4.6 Changes: -------- --- /work/SRC/openSUSE:Factory/wireshark/wireshark.changes 2018-02-26 23:23:13.634487271 +0100 +++ /work/SRC/openSUSE:Factory/.wireshark.new/wireshark.changes 2018-04-06 17:46:33.757959882 +0200 @@ -1,0 +2,23 @@ +Wed Apr 4 20:20:16 UTC 2018 - [email protected] + +- Wireshark 2.4.6: + This release fixes minor vulnerabilities that could be used to + trigger dissector crashes or cause dissectors to go into large + infinite loops by making Wireshark read specially crafted + packages from the network or capture files (bsc#1088200): + * CVE-2018-9264: ADB dissector crash + * CVE-2018-9260: IEEE 802.15.4 dissector crash + * CVE-2018-9261: NBAP dissector crash + * CVE-2018-9262: VLAN dissector crash + * CVE-2018-9256: LWAPP dissector crash + * CVE-2018-9263: Kerberos dissector crash + * CVE-2018-9258: TCP dissector crash + * CVE-2018-9257: CQL infinite loop + * Memory leaks in multiple dissectors: + CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, + CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, + CVE-2018-9273, CVE-2018-9274 + * Further bug fixes and updated protocol support as listed in: + https://www.wireshark.org/docs/relnotes/wireshark-2.4.6.html + +------------------------------------------------------------------- Old: ---- SIGNATURES-2.4.5.txt wireshark-2.4.5.tar.xz New: ---- SIGNATURES-2.4.6.txt wireshark-2.4.6.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wireshark.spec ++++++ --- /var/tmp/diff_new_pack.GxWAkI/_old 2018-04-06 17:46:36.429863313 +0200 +++ /var/tmp/diff_new_pack.GxWAkI/_new 2018-04-06 17:46:36.433863169 +0200 @@ -36,7 +36,7 @@ %bcond_with geoip %endif Name: wireshark -Version: 2.4.5 +Version: 2.4.6 Release: 0 Summary: A Network Traffic Analyser License: GPL-2.0+ AND GPL-3.0+ ++++++ SIGNATURES-2.4.5.txt -> SIGNATURES-2.4.6.txt ++++++ --- /work/SRC/openSUSE:Factory/wireshark/SIGNATURES-2.4.5.txt 2018-02-26 23:23:12.466529274 +0100 +++ /work/SRC/openSUSE:Factory/.wireshark.new/SIGNATURES-2.4.6.txt 2018-04-06 17:46:18.738502715 +0200 @@ -1,40 +1,40 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -wireshark-2.4.5.tar.xz: 28836740 bytes -SHA256(wireshark-2.4.5.tar.xz)=b3b2ec29fba0f4a3a590438abe4054e56f19108d440fc2d61492db9d8ff16fd7 -RIPEMD160(wireshark-2.4.5.tar.xz)=f14cbb589a4fbf42f2420a34f2e98a2b274641e6 -SHA1(wireshark-2.4.5.tar.xz)=c49dfaba0a62d9e3f8ecda5e148f19cba9800900 - -Wireshark-win32-2.4.5.exe: 52716272 bytes -SHA256(Wireshark-win32-2.4.5.exe)=31687c3c0f9e7c2c0ce610db5c659680083d7204c5fbda4a98fb439a86c90011 -RIPEMD160(Wireshark-win32-2.4.5.exe)=68f6b32d6bef1e789dd4783229c7974026986d1f -SHA1(Wireshark-win32-2.4.5.exe)=0825f8d3525b109c55a4c8fb7fc249043d9b822c - -Wireshark-win64-2.4.5.exe: 57909112 bytes -SHA256(Wireshark-win64-2.4.5.exe)=867338819182ba636e1b741e87d60f1b06661138c2614db1253f1c75c17ae68c -RIPEMD160(Wireshark-win64-2.4.5.exe)=5f8040361904c6317cac57ae48884182dcd66172 -SHA1(Wireshark-win64-2.4.5.exe)=273d4395d9fc6323f4618884ccc46ad640bebb53 - -Wireshark-win64-2.4.5.msi: 47079424 bytes -SHA256(Wireshark-win64-2.4.5.msi)=201b6b9f4b9f15459287286809daba2d68464aa89320c1d676db565224e8b2ae -RIPEMD160(Wireshark-win64-2.4.5.msi)=700ab32ebb8e72999cf8916b53a3fb71ce279ca6 -SHA1(Wireshark-win64-2.4.5.msi)=7408105a82218aa1d9c4c9ce855738403734f230 - -Wireshark-win32-2.4.5.msi: 41967616 bytes -SHA256(Wireshark-win32-2.4.5.msi)=8a1fff845e5b51c1778f42e43d715a1f41943fd7bced32424eed7eb0b295abf8 -RIPEMD160(Wireshark-win32-2.4.5.msi)=7eb658336b6679a3b828d1a54b29acc0a2f6e162 -SHA1(Wireshark-win32-2.4.5.msi)=11d8b499d128cf64c7226fb0e76fc44354008d60 - -WiresharkPortable_2.4.5.paf.exe: 45373920 bytes -SHA256(WiresharkPortable_2.4.5.paf.exe)=b2bb1d15a0c5cbd9fd168688b24cf0aff2445a005641adcae531aa3a605a5964 -RIPEMD160(WiresharkPortable_2.4.5.paf.exe)=5a0d230438eae0d33f3410fdf165c885712b96d7 -SHA1(WiresharkPortable_2.4.5.paf.exe)=8341f112a2bc90256d2a5b4a6a01655d50c381f5 - -Wireshark 2.4.5 Intel 64.dmg: 42004449 bytes -SHA256(Wireshark 2.4.5 Intel 64.dmg)=028592817849f180f4014288a9566910e4ab508cb3b53a9721c9c667379acd15 -RIPEMD160(Wireshark 2.4.5 Intel 64.dmg)=0c6adbb0068ad4e87af17397a7cfeb33ed80db69 -SHA1(Wireshark 2.4.5 Intel 64.dmg)=7b6bc07482f7ef506a559a922d413e2e1989d796 +wireshark-2.4.6.tar.xz: 28851192 bytes +SHA256(wireshark-2.4.6.tar.xz)=8e965fd282bc0c09e7c4eba5f08a555d0ccf40a7d1544b939e01b90bc893d5fe +RIPEMD160(wireshark-2.4.6.tar.xz)=4d58798dfbb5a6567a731e0d6308e1dca3c859ee +SHA1(wireshark-2.4.6.tar.xz)=25ba24628acfc12d7541298255f50e8034e694b7 + +Wireshark-win64-2.4.6.exe: 57924080 bytes +SHA256(Wireshark-win64-2.4.6.exe)=025c68ae6ac5a4ae146ba8318f596089859c9d5d890b688ed8c1498745779412 +RIPEMD160(Wireshark-win64-2.4.6.exe)=d861ae68de77ede9c07ce5ca8126ccadb2ccbe94 +SHA1(Wireshark-win64-2.4.6.exe)=5f57fe6ff476b619eb83ff4e8d18b6ffca6f0afb + +Wireshark-win32-2.4.6.exe: 52729424 bytes +SHA256(Wireshark-win32-2.4.6.exe)=6395ca0265207dcdcb1080073591968dec2711cbea27708efb83bbd6c3a32235 +RIPEMD160(Wireshark-win32-2.4.6.exe)=6bc69510b01a9cc1199d2f813d996a692d2f1cb2 +SHA1(Wireshark-win32-2.4.6.exe)=a4e3855757d7a92e29b7e2217cf297b589f9e5e9 + +Wireshark-win32-2.4.6.msi: 41992192 bytes +SHA256(Wireshark-win32-2.4.6.msi)=6efc9545528c76166e00942a2e7ef334c06ff7de15c450d9d685c9a0ffe8936d +RIPEMD160(Wireshark-win32-2.4.6.msi)=afc7b83b434df048b2b645b68ba6b28fc2ef2ff4 +SHA1(Wireshark-win32-2.4.6.msi)=667c7f3bc788cdff4b3875c7e709d199b63da2ce + +Wireshark-win64-2.4.6.msi: 47026176 bytes +SHA256(Wireshark-win64-2.4.6.msi)=c4b6cac3c8a8814fc9bb6e19a28a467b26067bc0a661150e7018f8923e43d535 +RIPEMD160(Wireshark-win64-2.4.6.msi)=76b331d59b0ee1b7b29ccac0c9865094e7f1622f +SHA1(Wireshark-win64-2.4.6.msi)=2a67f3d3ba177686794cf1ff3e64cfd56541c217 + +WiresharkPortable_2.4.6.paf.exe: 45406800 bytes +SHA256(WiresharkPortable_2.4.6.paf.exe)=bcf10c20f0bfc0ebace4bbfd4022cdc69e642bbe27128a01a3b5bb3f6e532fc3 +RIPEMD160(WiresharkPortable_2.4.6.paf.exe)=cd01b4e5aa81f7c3543b6c78224900c1890f0909 +SHA1(WiresharkPortable_2.4.6.paf.exe)=7425c8a3f5eb8efa0304b7ac10acc598e3b6eb54 + +Wireshark 2.4.6 Intel 64.dmg: 42490725 bytes +SHA256(Wireshark 2.4.6 Intel 64.dmg)=0e51f0c7892422df8a755044344cb9f01d4b2bbc9f90bcc63fb4a791000106f8 +RIPEMD160(Wireshark 2.4.6 Intel 64.dmg)=7ca143bacb1ee969709c8933fd1d29127be687e1 +SHA1(Wireshark 2.4.6 Intel 64.dmg)=5845d6ebe392ec1094c4e4297dd79807a3bab114 You can validate these hashes using the following commands (among others): @@ -44,17 +44,17 @@ Other: openssl sha256 wireshark-x.y.z.tar.xz -----BEGIN PGP SIGNATURE----- -iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAlqQfH4ACgkQgiRKeOb+ -rur5tBAAoGElt+RqtABqCauP4bEksWtXfSkoR+aJbYm+VKaHwQgdKDBE6MmJEa+7 -5ZxSe4nmtES/t9wPFmSD8g3fAn5a5zeL6O5pX8mmktxxqvisP8VuVJZZ7+zkoOQI -5GgU8S5NvYWFL1EqAjNbB0aTKpdEm/x5m5X9q3Y24w7C2gPL2kPo2QeCvviYJgT4 -Z725buE6gQ3rMPkYSieImOcDKqUVvPDwbz76xVrFYW251cSMUzIQTTbeQs+peNsq -FUpq/atnZR5ZUS73fbcgQgyulEEEgtVYihun/phJt3CKLw46zaitiMdaYl7Bt0HJ -pt2XpQuK0/diO2it4wDdV1QZ/DIMxnL3ty5r3rT3XqDT8OFZkecOhji8fqTKs5nn -WJH+7agG24MEvOmBn/x6QEp8Tm3T0dRZe5O5Z6XnMJwH1deqBDMaRK0ndCb7QXKW -ww1oS8AkxfB3+9WlcBpMWOQOCaoHmabCugdKubHzrFBYe/ETx42UuVr/1swphVpU -VCgpI/3uMV/JTEWKjMgod1h880j5y2ZUSF8z20bitjdJxYEeAhww3V58+4zFSnGc -QsHeSD1UAl5DzVkkycA3lwHC40XHvB1G85jN4nEVui4IM5NdCEYxaEm6onCVbqa+ -2wt9iv1Djun6aGqf0zHeMtffxzjyyTINLL4XqYgImkGYXC9/zKE= -=HIJo +iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAlrD8F4ACgkQgiRKeOb+ +ruoZYxAApq3NGF5OsDWdM1lo4JeMNR6fp8vDx91hYYV3mbarauLljp4yM6Wmp9qt +iSJ4SmjjuBAOWU0CvZJP9g2t7Yy4BMpCddVdeGwOr3tEcnbcoftPEd4auoLd1Hnb +Ue5WZYB58nzzQpz78chbZX+H4o8r7K8Z98eQdtoC69mTszr6qrGkEKTuf5zzFQIh +MmrfrhTjzHCdW5GsjxcWtkI7jsFUx3Gx0ziyCg6sm1H/8ZDL+/OhO5bVyXNAsF8B +62qXJNx2LDh+KDKVxJy3LVBTgWDUfelTnO/vIXeX8pevSqX1TaiDT65NaOFmw8Ix +K2V44bBIhbi5XfKv922ENCmX2fJzMii7N9cgXWOPOs0bx2t+DG2Lsc9Invo5kiHn +uqDhe4/1FG1dqlmEByaDiCJ8EjDiZot1iQUHPybEILBaWRbrI+9IX4bQ3DFLATL5 +jeWPotJNZVsFc2sGGJocGIBUI0S8eT1MZqsQjvRxh5GT/E++gXqtXAGjBINv/Rx7 +9DTkoSSWJ5d0AOQb3/oP9csUEyHymx8R+LQZ1LukPTfw0/VKp0d0HBlDtpezbUpp +kFc/FRhss1b3jWlxC/dfqHtrkLIWJQkR5vBFqrS1OC2UgKZsUw0iAMyCnhEx86x4 +K0D1f0sGynuHJ8NIN0nm0f2qP28NaF5wU8+7ZX5H71gsRiY+76s= +=kjTJ -----END PGP SIGNATURE----- ++++++ wireshark-2.4.5.tar.xz -> wireshark-2.4.6.tar.xz ++++++ /work/SRC/openSUSE:Factory/wireshark/wireshark-2.4.5.tar.xz /work/SRC/openSUSE:Factory/.wireshark.new/wireshark-2.4.6.tar.xz differ: char 27, line 1
