** Summary changed: - [Security] Multiple vulnerabilities fixed in wireshark 1.6.2 + [Bugfix release] Multiple vulnerabilities fixed in Wireshark 1.6.2
** Description changed: The following vulnerabilities have been fixed. - http://www.wireshark.org/security/wnpa-sec-2011-12.html + - A large loop in the OpenSafety dissector could cause a crash. (Bug 6138) [1] + Versions affected: 1.6.0 to 1.6.1. - A large loop in the OpenSafety dissector could cause a crash. (Bug - 6138) + - A malformed IKE packet could consume excessive resources. [2] [3] + Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1. - Versions affected: 1.6.0 to 1.6.1. + - A malformed capture file could result in an invalid root tvbuff and cause a crash. (Bug 6135) [4] + Versions affected: 1.6.0 to 1.6.1. - http://www.wireshark.org/security/wnpa-sec-2011-13.html + - Wireshark could run arbitrary Lua scripts. (Bug 6136) [5] + Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1. - A malformed IKE packet could consume excessive resources. + - The CSN.1 dissector could crash. (Bug 6139) [6] + Versions affected: 1.6.0 to 1.6.1. - Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1. + [1] http://www.wireshark.org/security/wnpa-sec-2011-12.html + [2] http://www.wireshark.org/security/wnpa-sec-2011-13.html + [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3266 + [4] http://www.wireshark.org/security/wnpa-sec-2011-14.html + [5] http://www.wireshark.org/security/wnpa-sec-2011-15.html + [6] http://www.wireshark.org/security/wnpa-sec-2011-16.html - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3266 + More info: + http://www.wireshark.org/docs/relnotes/wireshark-1.6.2.html#BugFixes - http://www.wireshark.org/security/wnpa-sec-2011-14.html + As I see on ubuntu wiki, it seems a FeatureFreeze Exception for bugfix- + only updates [7] - A malformed capture file could result in an invalid root tvbuff and - cause a crash. (Bug 6135) - - Versions affected: 1.6.0 to 1.6.1. - - http://www.wireshark.org/security/wnpa-sec-2011-15.html - - Wireshark could run arbitrary Lua scripts. (Bug 6136) - - Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1. 
- - http://www.wireshark.org/security/wnpa-sec-2011-16.html - - The CSN.1 dissector could crash. (Bug 6139) - - Versions affected: 1.6.0 to 1.6.1. + [7] https://wiki.ubuntu.com/FreezeExceptionProcess + #FeatureFreeze_for_bugfix-only_updates ** Description changed: The following vulnerabilities have been fixed. - - A large loop in the OpenSafety dissector could cause a crash. (Bug 6138) [1] + - A large loop in the OpenSafety dissector could cause a crash. [1] Versions affected: 1.6.0 to 1.6.1. - A malformed IKE packet could consume excessive resources. [2] [3] Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1. - - A malformed capture file could result in an invalid root tvbuff and cause a crash. (Bug 6135) [4] + - A malformed capture file could result in an invalid root tvbuff and cause a crash. [4] Versions affected: 1.6.0 to 1.6.1. - - Wireshark could run arbitrary Lua scripts. (Bug 6136) [5] + - Wireshark could run arbitrary Lua scripts. [5] Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1. - - The CSN.1 dissector could crash. (Bug 6139) [6] + - The CSN.1 dissector could crash. [6] Versions affected: 1.6.0 to 1.6.1. [1] http://www.wireshark.org/security/wnpa-sec-2011-12.html [2] http://www.wireshark.org/security/wnpa-sec-2011-13.html [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3266 [4] http://www.wireshark.org/security/wnpa-sec-2011-14.html [5] http://www.wireshark.org/security/wnpa-sec-2011-15.html [6] http://www.wireshark.org/security/wnpa-sec-2011-16.html More info: http://www.wireshark.org/docs/relnotes/wireshark-1.6.2.html#BugFixes As I see on ubuntu wiki, it seems a FeatureFreeze Exception for bugfix- - only updates [7] + only updates [7] since there aren't any new feature in this release. 
[8] - [7] https://wiki.ubuntu.com/FreezeExceptionProcess - #FeatureFreeze_for_bugfix-only_updates + [7] https://wiki.ubuntu.com/FreezeExceptionProcess#FeatureFreeze_for_bugfix-only_updates + [8] http://www.wireshark.org/docs/relnotes/wireshark-1.6.2.html#NewFeatures ** Also affects: wireshark (Debian) Importance: Undecided Status: New -- https://bugs.launchpad.net/bugs/845892 Title: [Bugfix release] Multiple vulnerabilities fixed in Wireshark 1.6.2
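Review bot: the second description change should keep the upstream bug references on the item lines. The `-` lines carry "(Bug 6138)", "(Bug 6135)", "(Bug 6136)" and "(Bug 6139)", and the matching `+` lines drop them, so the OpenSafety, capture-file, Lua and CSN.1 items can then be traced upstream only through their wnpa-sec advisory links [1], [4], [5] and [6]. Suggest restoring the bug numbers next to the reference markers, for example "- The CSN.1 dissector could crash. (Bug 6139) [6]", so that whoever triages the update can match each fix to its upstream report without opening every advisory.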
