From b3bac27a07fddd1543f0021365c300c07f513cdb37860fa42d083a28bbb5772e Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Thu, 29 Nov 2018 08:59:41 +0000 Subject: [PATCH] Accepting request 652577 from home:AndreasStieger:branches:network:utilities - Wireshark 2.6.5 (bsc#1117740): * CVE-2018-19625: The Wireshark dissection engine could crash (wnpa-sec-2018-51) * CVE-2018-19626: The DCOM dissector could crash (wnpa-sec-2018-52) * CVE-2018-19623: The LBMPDM dissector could crash (wnpa-sec-2018-53) * CVE-2018-19622: The MMSE dissector could go into an infinite loop (wnpa-sec-2018-54) * CVE-2018-19627: The IxVeriWave file parser could crash (wnpa-sec-2018-55) * CVE-2018-19624: The PVFS dissector could crash (wnpa-sec-2018-56) * CVE-2018-19628: The ZigBee ZCL dissector could crash (wnpa-sec-2018-57) - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.6.5.html OBS-URL: https://build.opensuse.org/request/show/652577 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=265 --- SIGNATURES-2.6.4.txt | 60 ------------------------------------------ SIGNATURES-2.6.5.txt | 60 ++++++++++++++++++++++++++++++++++++++++++ wireshark-2.6.4.tar.xz | 3 --- wireshark-2.6.5.tar.xz | 3 +++ wireshark.changes | 14 ++++++++++ wireshark.spec | 2 +- 6 files changed, 78 insertions(+), 64 deletions(-) delete mode 100644 SIGNATURES-2.6.4.txt create mode 100644 SIGNATURES-2.6.5.txt delete mode 100644 wireshark-2.6.4.tar.xz create mode 100644 wireshark-2.6.5.tar.xz diff --git a/SIGNATURES-2.6.4.txt b/SIGNATURES-2.6.4.txt deleted file mode 100644 index b1eebf6..0000000 --- a/SIGNATURES-2.6.4.txt +++ /dev/null @@ -1,60 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -wireshark-2.6.4.tar.xz: 28218232 bytes -SHA256(wireshark-2.6.4.tar.xz)=a06b007e6343f148b8b93443b2fcfc9bb3204311cd268565d54d1b71660bc861 -RIPEMD160(wireshark-2.6.4.tar.xz)=719cab381d824672e0f5e4b1c7a20de8863b28a6 -SHA1(wireshark-2.6.4.tar.xz)=89ef68c2696b6b424cc65bb63a1be085fe7bd776 - -Wireshark-win32-2.6.4.exe: 53791520 bytes -SHA256(Wireshark-win32-2.6.4.exe)=e2a75ec989c8c9c00cd197be7f137707fbc924899fdae2e50e5515b27e7d0ed5 -RIPEMD160(Wireshark-win32-2.6.4.exe)=29f2145f3adbf6a3843ac8254e9f2f10f99f4a47 -SHA1(Wireshark-win32-2.6.4.exe)=0e24a5436e8fd67718395955526ed33a33602671 - -Wireshark-win64-2.6.4.exe: 59534280 bytes -SHA256(Wireshark-win64-2.6.4.exe)=3ca543a311a9ec3f9b2045768ead78af3acd19f8fa447aae9885712c5f8aaddb -RIPEMD160(Wireshark-win64-2.6.4.exe)=046e6a80423124a3f108dabafb15c4569806cd3c -SHA1(Wireshark-win64-2.6.4.exe)=dc591ec27efbbd2c8380977b54ea3bb098c9d7ba - -Wireshark-win32-2.6.4.msi: 43290624 bytes -SHA256(Wireshark-win32-2.6.4.msi)=20d280fc4b408f6a435e2dc79aefe0f37c82e0ccf46d83ad73eb946e024d5406 -RIPEMD160(Wireshark-win32-2.6.4.msi)=454e9c321db9f580f58768da5cbee20df2058c85 -SHA1(Wireshark-win32-2.6.4.msi)=0bbf4a9d9252b278377a36137c675fa3d0b84454 - -Wireshark-win64-2.6.4.msi: 48910336 bytes -SHA256(Wireshark-win64-2.6.4.msi)=ecfd6cd94b78312f7c195852d9cc0cb9d611795b566ccda7a9ada9579fd34007 -RIPEMD160(Wireshark-win64-2.6.4.msi)=73a7ad4248ed93b3035b17d6aa0b3e128249f8b4 -SHA1(Wireshark-win64-2.6.4.msi)=977725db376f9e81cc1bde7f7a307f87acdc2074 - -WiresharkPortable_2.6.4.paf.exe: 37024056 bytes -SHA256(WiresharkPortable_2.6.4.paf.exe)=68a7329733bc0a9ed6dd073bc25886863d7e22ab7cd75b2ae60899a044cad417 -RIPEMD160(WiresharkPortable_2.6.4.paf.exe)=6f19d28957c53b65de397795e5f5c2496d23b6a1 -SHA1(WiresharkPortable_2.6.4.paf.exe)=c79c09f4153d5eec24e985afac82021cbfc6a9a2 - -Wireshark 2.6.4 Intel 64.dmg: 168568106 bytes -SHA256(Wireshark 2.6.4 Intel 64.dmg)=3c347c3ffdbab2d7a358bb4a231e18ef730eb87175c80db7e2fd61b25e8a6d51 -RIPEMD160(Wireshark 2.6.4 Intel 64.dmg)=226997747055fcaff89d430762f7c16d06cbcce4 -SHA1(Wireshark 2.6.4 Intel 64.dmg)=cf32dcaf919b79b6d8cd35d22ca891d45540d787 - -You can validate these hashes using the following commands (among others): - - Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 - Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz - macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg" - Other: openssl sha256 wireshark-x.y.z.tar.xz ------BEGIN PGP SIGNATURE----- - -iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAlu/zpcACgkQgiRKeOb+ -ruqhKQ//SZeNT+K8etgAeSMgyJT/3Mw9o65MyYALLocBAeNXhURY6IoQcWp5eBBX -5vYJE7WVEaDytk2ngYd9os8aOA8z59UdRDU/f77YgwxqXHn0Sa2IBsdCBlyRNbGI -5z4pGurfmYfy6QMDUgv3htP2ZLAuAHUABbElV2H5nObBWIpsCgqbRibANE0WOiKF -6cO9sUUlT29iINeRpIZVqpm34OzuI3itpXrwrZAguUfgKQQD2pcfzfScxtLELPsg -C2DJ8p947RVGbNLII16rWWFkH0FvIJoc7LISFoMI08GURfRKabYwO5OAtZ4Wp7Wx -j66Ozthtiewz9i8u+S535Hqisy5He6eZwuxlS9Yd5dWBCtXSzzrdvg0OfTGI9w0+ -s+Lr5MziG9z5Zj3gO9X2wM1p4O48uaEORysE4YsHMlBGYR6+YN91mNgPqMafmbqE -/gBn/X//dssvcNua92I3W6pxJmdtw38ToaiVMp+tUKVDrk3BGzp4FmbX78fbYNxE -/9uJ4PTtCtbb7r9Z3v3BTgKyu2skkCVp8Z9ssKYUuOtac0JVHi3idgj9IxBvJSgA -2ZKbEsjtqoL5EgTb7+mxsXaX/Nc22fcfD9YNZSg/1+00pdEkmH4hsr8bjPiv3tKZ -E7p3SZiXFpAWrTpKfdByAxLCSzuS6TKAadVlfqX24ZDARbnBWPU= -=C5CQ ------END PGP SIGNATURE----- diff --git a/SIGNATURES-2.6.5.txt b/SIGNATURES-2.6.5.txt new file mode 100644 index 0000000..c4d95c7 --- /dev/null +++ b/SIGNATURES-2.6.5.txt @@ -0,0 +1,60 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +wireshark-2.6.5.tar.xz: 28390292 bytes +SHA256(wireshark-2.6.5.tar.xz)=93155b798544b2f07693920f4ac1b531c952965ee4eb1d98419961240177438a +RIPEMD160(wireshark-2.6.5.tar.xz)=0f840f0ef8747ba808ac17660bb54f3ff9dfdc4b +SHA1(wireshark-2.6.5.tar.xz)=556a8e084230e6359c86daf578d25c6f443458bb + +Wireshark-win32-2.6.5.exe: 53798712 bytes +SHA256(Wireshark-win32-2.6.5.exe)=9c9a459cec8866b82f68e35d6376d6d121123f3551bd83a17b36193e32828d2f +RIPEMD160(Wireshark-win32-2.6.5.exe)=7e7a667c9169075f23bf28b4b39604396a89b529 +SHA1(Wireshark-win32-2.6.5.exe)=333556211a0e48eff4778404b809d3fb49414b8b + +Wireshark-win64-2.6.5.exe: 59537312 bytes +SHA256(Wireshark-win64-2.6.5.exe)=1ee5afdc18efda2781a88da6a360a28ae88feaaecdc7c3246fb98767abcc7654 +RIPEMD160(Wireshark-win64-2.6.5.exe)=65e9962f4c52af124a657e157fb91ee303affa2e +SHA1(Wireshark-win64-2.6.5.exe)=126b32d7e11bfb42b86c87920ea231e213defc5c + +Wireshark-win32-2.6.5.msi: 43286528 bytes +SHA256(Wireshark-win32-2.6.5.msi)=a63cbb2da79ef80ae8855ef4cfbd92285de9655833e2dd1897d84cdb83246141 +RIPEMD160(Wireshark-win32-2.6.5.msi)=8ebabf8958167bd68a69a754cc36a0f008a1b354 +SHA1(Wireshark-win32-2.6.5.msi)=1b74d74a9c9d54d7507be198c891ab00905931f6 + +Wireshark-win64-2.6.5.msi: 48926720 bytes +SHA256(Wireshark-win64-2.6.5.msi)=3882cabc355ee298e4a8e6940cc67c286c349b85e76dfc63fe532f0555cba004 +RIPEMD160(Wireshark-win64-2.6.5.msi)=d49c115e92373529049e7689ba693e8101dad9de +SHA1(Wireshark-win64-2.6.5.msi)=0433bbf10eef0b0d8949a6145c4ebcfdfbf49e6a + +WiresharkPortable_2.6.5.paf.exe: 37034016 bytes +SHA256(WiresharkPortable_2.6.5.paf.exe)=2c6e3831da69c840f7904deb05542984c03f0de9d3979487ef7a557308c3b1a6 +RIPEMD160(WiresharkPortable_2.6.5.paf.exe)=214876b0f4b7a8f7fac79591b777fad243c6e5c6 +SHA1(WiresharkPortable_2.6.5.paf.exe)=f52d430442028a2d1da33c0fad98e353128f8f10 + +Wireshark 2.6.5 Intel 64.dmg: 168574656 bytes +SHA256(Wireshark 2.6.5 Intel 64.dmg)=b4e2cb6c9ddb0f700ef8eaba9f19248f92069a27622620646f46640e294c678f +RIPEMD160(Wireshark 2.6.5 Intel 64.dmg)=93e33202129eb42165324451e6065b62560c76ab +SHA1(Wireshark 2.6.5 Intel 64.dmg)=0b0cef24d1b1d5aaf13f6b918c24e187aac6a8b9 + +You can validate these hashes using the following commands (among others): + + Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 + Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz + macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg" + Other: openssl sha256 wireshark-x.y.z.tar.xz +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAlv+974ACgkQgiRKeOb+ +rup3rA/9F4oW6OTxwHwA8iatbBpz2+1qZX5aV/qAXdbsMvMoW09IQQA3Zc7AkGKG +YR/23nrcvNv0qW3fe+NldLL2W/gdWFebtZNTGrIgtj2aphQV7XrzTwpubbspZK1r +Cl3CzGlnVjF4a5v1dw6IhiCO0vh/zaqr97OlwHg3qPMeQUmXRQr1CWR1p9xOtx2E +d2lQ4ACW7cbfy1uQ13SF5qBkucB/v09NDum2DQSxqUXt7Kjo78MY81fV/JrPU5hD +mL/GPAORXlXg7ybhX9MT37Vfjgk97blZryvZ8Y78cLnTl9zqQcLGN/EWgA2FDnPO +1SdL3N3WXsTrZliqaIOGZuajkUoSgI7QruJhiMVCUMLUv3ALNHlMYiiPoZ2pV97F +Z6IuRRoIBvCJKsLQZKJISSV7xd+hZnhGKOdfeZ3FrjaU61MxCXQXrZuzycINwm0L +By1ePIPFz0vJSBw/kc3WRb2Xvik47iPHBgI49cAjBa0OjVn7AztlwaTpDF1NVuUt +iMxPCReOHQxxlS8llm87jrHaFtePaPFGpi1TCghUfxNaXU64X39kkffPnCuUEO/U +Tw+kT9MzmzB25J5aafKJ3VQe8GZqNrqWtssyu5L2CkYaqPtyRCrgIWaxbF950xbv +JrsaCoSODO91q7LONqiNeRjkATJS97s9QXBLHnE3C3G0rGlhcmc= +=cW8J +-----END PGP SIGNATURE----- diff --git a/wireshark-2.6.4.tar.xz b/wireshark-2.6.4.tar.xz deleted file mode 100644 index c441201..0000000 --- a/wireshark-2.6.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a06b007e6343f148b8b93443b2fcfc9bb3204311cd268565d54d1b71660bc861 -size 28218232 diff --git a/wireshark-2.6.5.tar.xz b/wireshark-2.6.5.tar.xz new file mode 100644 index 0000000..c4c2302 --- /dev/null +++ b/wireshark-2.6.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:93155b798544b2f07693920f4ac1b531c952965ee4eb1d98419961240177438a +size 28390292 diff --git a/wireshark.changes b/wireshark.changes index a47fff3..fd0af73 100644 --- a/wireshark.changes +++ b/wireshark.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Thu Nov 29 08:58:27 UTC 2018 - astieger@suse.com + +- Wireshark 2.6.5 (bsc#1117740): + * CVE-2018-19625: The Wireshark dissection engine could crash (wnpa-sec-2018-51) + * CVE-2018-19626: The DCOM dissector could crash (wnpa-sec-2018-52) + * CVE-2018-19623: The LBMPDM dissector could crash (wnpa-sec-2018-53) + * CVE-2018-19622: The MMSE dissector could go into an infinite loop (wnpa-sec-2018-54) + * CVE-2018-19627: The IxVeriWave file parser could crash (wnpa-sec-2018-55) + * CVE-2018-19624: The PVFS dissector could crash (wnpa-sec-2018-56) + * CVE-2018-19628: The ZigBee ZCL dissector could crash (wnpa-sec-2018-57) +- Further bug fixes and updated protocol support as listed in: + https://www.wireshark.org/docs/relnotes/wireshark-2.6.5.html + ------------------------------------------------------------------- Fri Oct 12 12:54:01 UTC 2018 - astieger@suse.com diff --git a/wireshark.spec b/wireshark.spec index 6b9a68e..a5b652f 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -37,7 +37,7 @@ %bcond_with lz4 %endif Name: wireshark -Version: 2.6.4 +Version: 2.6.5 Release: 0 Summary: A Network Traffic Analyser License: GPL-2.0-or-later AND GPL-3.0-or-later