From 53fc26acc2c9700b574f2b0eca381e374afdb45d1d8bff19b8d4b2fb0fc3a3e4 Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Wed, 4 Apr 2018 20:22:42 +0000 Subject: [PATCH 1/2] Wireshark 2.4.6 bsc#1088200 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=243 --- SIGNATURES-2.4.5.txt | 60 ------------------------------------------ SIGNATURES-2.4.6.txt | 60 ++++++++++++++++++++++++++++++++++++++++++ wireshark-2.4.5.tar.xz | 3 --- wireshark-2.4.6.tar.xz | 3 +++ wireshark.changes | 20 ++++++++++++++ wireshark.spec | 2 +- 6 files changed, 84 insertions(+), 64 deletions(-) delete mode 100644 SIGNATURES-2.4.5.txt create mode 100644 SIGNATURES-2.4.6.txt delete mode 100644 wireshark-2.4.5.tar.xz create mode 100644 wireshark-2.4.6.tar.xz diff --git a/SIGNATURES-2.4.5.txt b/SIGNATURES-2.4.5.txt deleted file mode 100644 index a1e54b5..0000000 --- a/SIGNATURES-2.4.5.txt +++ /dev/null @@ -1,60 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -wireshark-2.4.5.tar.xz: 28836740 bytes -SHA256(wireshark-2.4.5.tar.xz)=b3b2ec29fba0f4a3a590438abe4054e56f19108d440fc2d61492db9d8ff16fd7 -RIPEMD160(wireshark-2.4.5.tar.xz)=f14cbb589a4fbf42f2420a34f2e98a2b274641e6 -SHA1(wireshark-2.4.5.tar.xz)=c49dfaba0a62d9e3f8ecda5e148f19cba9800900 - -Wireshark-win32-2.4.5.exe: 52716272 bytes -SHA256(Wireshark-win32-2.4.5.exe)=31687c3c0f9e7c2c0ce610db5c659680083d7204c5fbda4a98fb439a86c90011 -RIPEMD160(Wireshark-win32-2.4.5.exe)=68f6b32d6bef1e789dd4783229c7974026986d1f -SHA1(Wireshark-win32-2.4.5.exe)=0825f8d3525b109c55a4c8fb7fc249043d9b822c - -Wireshark-win64-2.4.5.exe: 57909112 bytes -SHA256(Wireshark-win64-2.4.5.exe)=867338819182ba636e1b741e87d60f1b06661138c2614db1253f1c75c17ae68c -RIPEMD160(Wireshark-win64-2.4.5.exe)=5f8040361904c6317cac57ae48884182dcd66172 -SHA1(Wireshark-win64-2.4.5.exe)=273d4395d9fc6323f4618884ccc46ad640bebb53 - -Wireshark-win64-2.4.5.msi: 47079424 bytes -SHA256(Wireshark-win64-2.4.5.msi)=201b6b9f4b9f15459287286809daba2d68464aa89320c1d676db565224e8b2ae -RIPEMD160(Wireshark-win64-2.4.5.msi)=700ab32ebb8e72999cf8916b53a3fb71ce279ca6 -SHA1(Wireshark-win64-2.4.5.msi)=7408105a82218aa1d9c4c9ce855738403734f230 - -Wireshark-win32-2.4.5.msi: 41967616 bytes -SHA256(Wireshark-win32-2.4.5.msi)=8a1fff845e5b51c1778f42e43d715a1f41943fd7bced32424eed7eb0b295abf8 -RIPEMD160(Wireshark-win32-2.4.5.msi)=7eb658336b6679a3b828d1a54b29acc0a2f6e162 -SHA1(Wireshark-win32-2.4.5.msi)=11d8b499d128cf64c7226fb0e76fc44354008d60 - -WiresharkPortable_2.4.5.paf.exe: 45373920 bytes -SHA256(WiresharkPortable_2.4.5.paf.exe)=b2bb1d15a0c5cbd9fd168688b24cf0aff2445a005641adcae531aa3a605a5964 -RIPEMD160(WiresharkPortable_2.4.5.paf.exe)=5a0d230438eae0d33f3410fdf165c885712b96d7 -SHA1(WiresharkPortable_2.4.5.paf.exe)=8341f112a2bc90256d2a5b4a6a01655d50c381f5 - -Wireshark 2.4.5 Intel 64.dmg: 42004449 bytes -SHA256(Wireshark 2.4.5 Intel 64.dmg)=028592817849f180f4014288a9566910e4ab508cb3b53a9721c9c667379acd15 -RIPEMD160(Wireshark 2.4.5 Intel 64.dmg)=0c6adbb0068ad4e87af17397a7cfeb33ed80db69 -SHA1(Wireshark 2.4.5 Intel 64.dmg)=7b6bc07482f7ef506a559a922d413e2e1989d796 - -You can validate these hashes using the following commands (among others): - - Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 - Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz - macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg" - Other: openssl sha256 wireshark-x.y.z.tar.xz ------BEGIN PGP SIGNATURE----- - -iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAlqQfH4ACgkQgiRKeOb+ -rur5tBAAoGElt+RqtABqCauP4bEksWtXfSkoR+aJbYm+VKaHwQgdKDBE6MmJEa+7 -5ZxSe4nmtES/t9wPFmSD8g3fAn5a5zeL6O5pX8mmktxxqvisP8VuVJZZ7+zkoOQI -5GgU8S5NvYWFL1EqAjNbB0aTKpdEm/x5m5X9q3Y24w7C2gPL2kPo2QeCvviYJgT4 -Z725buE6gQ3rMPkYSieImOcDKqUVvPDwbz76xVrFYW251cSMUzIQTTbeQs+peNsq -FUpq/atnZR5ZUS73fbcgQgyulEEEgtVYihun/phJt3CKLw46zaitiMdaYl7Bt0HJ -pt2XpQuK0/diO2it4wDdV1QZ/DIMxnL3ty5r3rT3XqDT8OFZkecOhji8fqTKs5nn -WJH+7agG24MEvOmBn/x6QEp8Tm3T0dRZe5O5Z6XnMJwH1deqBDMaRK0ndCb7QXKW -ww1oS8AkxfB3+9WlcBpMWOQOCaoHmabCugdKubHzrFBYe/ETx42UuVr/1swphVpU -VCgpI/3uMV/JTEWKjMgod1h880j5y2ZUSF8z20bitjdJxYEeAhww3V58+4zFSnGc -QsHeSD1UAl5DzVkkycA3lwHC40XHvB1G85jN4nEVui4IM5NdCEYxaEm6onCVbqa+ -2wt9iv1Djun6aGqf0zHeMtffxzjyyTINLL4XqYgImkGYXC9/zKE= -=HIJo ------END PGP SIGNATURE----- diff --git a/SIGNATURES-2.4.6.txt b/SIGNATURES-2.4.6.txt new file mode 100644 index 0000000..af190e6 --- /dev/null +++ b/SIGNATURES-2.4.6.txt @@ -0,0 +1,60 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +wireshark-2.4.6.tar.xz: 28851192 bytes +SHA256(wireshark-2.4.6.tar.xz)=8e965fd282bc0c09e7c4eba5f08a555d0ccf40a7d1544b939e01b90bc893d5fe +RIPEMD160(wireshark-2.4.6.tar.xz)=4d58798dfbb5a6567a731e0d6308e1dca3c859ee +SHA1(wireshark-2.4.6.tar.xz)=25ba24628acfc12d7541298255f50e8034e694b7 + +Wireshark-win64-2.4.6.exe: 57924080 bytes +SHA256(Wireshark-win64-2.4.6.exe)=025c68ae6ac5a4ae146ba8318f596089859c9d5d890b688ed8c1498745779412 +RIPEMD160(Wireshark-win64-2.4.6.exe)=d861ae68de77ede9c07ce5ca8126ccadb2ccbe94 +SHA1(Wireshark-win64-2.4.6.exe)=5f57fe6ff476b619eb83ff4e8d18b6ffca6f0afb + +Wireshark-win32-2.4.6.exe: 52729424 bytes +SHA256(Wireshark-win32-2.4.6.exe)=6395ca0265207dcdcb1080073591968dec2711cbea27708efb83bbd6c3a32235 +RIPEMD160(Wireshark-win32-2.4.6.exe)=6bc69510b01a9cc1199d2f813d996a692d2f1cb2 +SHA1(Wireshark-win32-2.4.6.exe)=a4e3855757d7a92e29b7e2217cf297b589f9e5e9 + +Wireshark-win32-2.4.6.msi: 41992192 bytes +SHA256(Wireshark-win32-2.4.6.msi)=6efc9545528c76166e00942a2e7ef334c06ff7de15c450d9d685c9a0ffe8936d +RIPEMD160(Wireshark-win32-2.4.6.msi)=afc7b83b434df048b2b645b68ba6b28fc2ef2ff4 +SHA1(Wireshark-win32-2.4.6.msi)=667c7f3bc788cdff4b3875c7e709d199b63da2ce + +Wireshark-win64-2.4.6.msi: 47026176 bytes +SHA256(Wireshark-win64-2.4.6.msi)=c4b6cac3c8a8814fc9bb6e19a28a467b26067bc0a661150e7018f8923e43d535 +RIPEMD160(Wireshark-win64-2.4.6.msi)=76b331d59b0ee1b7b29ccac0c9865094e7f1622f +SHA1(Wireshark-win64-2.4.6.msi)=2a67f3d3ba177686794cf1ff3e64cfd56541c217 + +WiresharkPortable_2.4.6.paf.exe: 45406800 bytes +SHA256(WiresharkPortable_2.4.6.paf.exe)=bcf10c20f0bfc0ebace4bbfd4022cdc69e642bbe27128a01a3b5bb3f6e532fc3 +RIPEMD160(WiresharkPortable_2.4.6.paf.exe)=cd01b4e5aa81f7c3543b6c78224900c1890f0909 +SHA1(WiresharkPortable_2.4.6.paf.exe)=7425c8a3f5eb8efa0304b7ac10acc598e3b6eb54 + +Wireshark 2.4.6 Intel 64.dmg: 42490725 bytes +SHA256(Wireshark 2.4.6 Intel 64.dmg)=0e51f0c7892422df8a755044344cb9f01d4b2bbc9f90bcc63fb4a791000106f8 +RIPEMD160(Wireshark 2.4.6 Intel 64.dmg)=7ca143bacb1ee969709c8933fd1d29127be687e1 +SHA1(Wireshark 2.4.6 Intel 64.dmg)=5845d6ebe392ec1094c4e4297dd79807a3bab114 + +You can validate these hashes using the following commands (among others): + + Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 + Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz + macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg" + Other: openssl sha256 wireshark-x.y.z.tar.xz +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAlrD8F4ACgkQgiRKeOb+ +ruoZYxAApq3NGF5OsDWdM1lo4JeMNR6fp8vDx91hYYV3mbarauLljp4yM6Wmp9qt +iSJ4SmjjuBAOWU0CvZJP9g2t7Yy4BMpCddVdeGwOr3tEcnbcoftPEd4auoLd1Hnb +Ue5WZYB58nzzQpz78chbZX+H4o8r7K8Z98eQdtoC69mTszr6qrGkEKTuf5zzFQIh +MmrfrhTjzHCdW5GsjxcWtkI7jsFUx3Gx0ziyCg6sm1H/8ZDL+/OhO5bVyXNAsF8B +62qXJNx2LDh+KDKVxJy3LVBTgWDUfelTnO/vIXeX8pevSqX1TaiDT65NaOFmw8Ix +K2V44bBIhbi5XfKv922ENCmX2fJzMii7N9cgXWOPOs0bx2t+DG2Lsc9Invo5kiHn +uqDhe4/1FG1dqlmEByaDiCJ8EjDiZot1iQUHPybEILBaWRbrI+9IX4bQ3DFLATL5 +jeWPotJNZVsFc2sGGJocGIBUI0S8eT1MZqsQjvRxh5GT/E++gXqtXAGjBINv/Rx7 +9DTkoSSWJ5d0AOQb3/oP9csUEyHymx8R+LQZ1LukPTfw0/VKp0d0HBlDtpezbUpp +kFc/FRhss1b3jWlxC/dfqHtrkLIWJQkR5vBFqrS1OC2UgKZsUw0iAMyCnhEx86x4 +K0D1f0sGynuHJ8NIN0nm0f2qP28NaF5wU8+7ZX5H71gsRiY+76s= +=kjTJ +-----END PGP SIGNATURE----- diff --git a/wireshark-2.4.5.tar.xz b/wireshark-2.4.5.tar.xz deleted file mode 100644 index 64455c2..0000000 --- a/wireshark-2.4.5.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b3b2ec29fba0f4a3a590438abe4054e56f19108d440fc2d61492db9d8ff16fd7 -size 28836740 diff --git a/wireshark-2.4.6.tar.xz b/wireshark-2.4.6.tar.xz new file mode 100644 index 0000000..ea154c7 --- /dev/null +++ b/wireshark-2.4.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8e965fd282bc0c09e7c4eba5f08a555d0ccf40a7d1544b939e01b90bc893d5fe +size 28851192 diff --git a/wireshark.changes b/wireshark.changes index 8cb77d3..7d2410a 100644 --- a/wireshark.changes +++ b/wireshark.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Wed Apr 4 20:20:16 UTC 2018 - astieger@suse.com + +- Wireshark 2.4.6: + This release fixes minor vulnerabilities that could be used to + trigger dissector crashes or cause dissectors to go into large + infinite loops by making Wireshark read specially crafted + packages from the network or capture files (bsc#1088200): + * ADB dissector crash + * IEEE 802.15.4 dissector crash + * NBAP dissector crash + * VLAN dissector crash + * LWAPP dissector crash + * Kerberos dissector crash + * TCP dissector crash + * CQL infinite loop + * Memory leaks in multiple dissectors + * Further bug fixes and updated protocol support as listed in: + https://www.wireshark.org/docs/relnotes/wireshark-2.4.6.html + ------------------------------------------------------------------- Sat Feb 24 10:04:01 UTC 2018 - astieger@suse.com diff --git a/wireshark.spec b/wireshark.spec index 7d670a0..a1888de 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -36,7 +36,7 @@ %bcond_with geoip %endif Name: wireshark -Version: 2.4.5 +Version: 2.4.6 Release: 0 Summary: A Network Traffic Analyser License: GPL-2.0+ AND GPL-3.0+ From 7ab5863ca5d0b913d0f668f971f23232110d15866be823f8c99c3f66bc998865 Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Thu, 5 Apr 2018 07:40:08 +0000 Subject: [PATCH 2/2] cve OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=244 --- wireshark.changes | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/wireshark.changes b/wireshark.changes index 7d2410a..abadc54 100644 --- a/wireshark.changes +++ b/wireshark.changes @@ -6,15 +6,18 @@ Wed Apr 4 20:20:16 UTC 2018 - astieger@suse.com trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files (bsc#1088200): - * ADB dissector crash - * IEEE 802.15.4 dissector crash - * NBAP dissector crash - * VLAN dissector crash - * LWAPP dissector crash - * Kerberos dissector crash - * TCP dissector crash - * CQL infinite loop - * Memory leaks in multiple dissectors + * CVE-2018-9264: ADB dissector crash + * CVE-2018-9260: IEEE 802.15.4 dissector crash + * CVE-2018-9261: NBAP dissector crash + * CVE-2018-9262: VLAN dissector crash + * CVE-2018-9256: LWAPP dissector crash + * CVE-2018-9263: Kerberos dissector crash + * CVE-2018-9258: TCP dissector crash + * CVE-2018-9257: CQL infinite loop + * Memory leaks in multiple dissectors: + CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, + CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, + CVE-2018-9273, CVE-2018-9274 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.6.html