Bug 33283 - wireshark: Memory corruption (3.2)
Summary: wireshark: Memory corruption (3.2)
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 3.0
Hardware: Other Linux
: P3 normal
Target Milestone: UCS 3.2-2
Assignee: Moritz Muehlenhoff
QA Contact: Philipp Hahn
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-11-12 11:15 CET by Moritz Muehlenhoff
Modified: 2014-05-20 07:53 CEST (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2013-11-12 11:15:26 CET 
Memory corruption in the TCP dissector (CVE-2013-6340)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-03-10 07:22:50 CET 
Buffer overflow in MPEG parser (CVE-2014-2299)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-05-02 13:21:05 CEST 
These issues were fixed with the update to Squeeze 6.0.9 (Bug 34588). The QA should ideally be made by the same person.
Comment 3 Philipp Hahn univentionstaff 2014-05-06 20:02:02 CEST 
OK: adduser Administrator wireshark ; dpkg-reconfigure wireshark-common ; wireshark
OK: wireshark (1.2.11-6+squeeze14) oldstable-security; urgency=high
  * security fixes from Wireshark 1.8.11:
    - The MPEG file parser could overflow a buffer.
      Discovered by Wesley Neelen. (CVE-2014-2299)
wireshark (1.2.11-6+squeeze13) oldstable-security; urgency=high
  * security fixes from Wireshark 1.8.11:
    - The TCP dissector could crash. (CVE-2013-6340)
Comment 4 Stefan Gohmann univentionstaff 2014-05-20 07:53:31 CEST 
UCS 3.2-2 has been released:
 http://docs.univention.de/release-notes-3.2-2-en.html
 http://docs.univention.de/release-notes-3.2-2-de.html

If this error occurs again, please use "Clone This Bug".