From 2f00f4822ab64e2c64e78a21a6ed28e49cfb6670feb4d912db05b9102772ece0 Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Fri, 2 Jun 2017 08:42:14 +0000 Subject: [PATCH 1/4] Wireshark 2.2.7 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=213 --- SIGNATURES-2.2.6.txt | 48 ----------------------------------------- SIGNATURES-2.2.7.txt | 48 +++++++++++++++++++++++++++++++++++++++++ wireshark-2.2.6.tar.bz2 | 3 --- wireshark-2.2.7.tar.bz2 | 3 +++ wireshark.changes | 21 ++++++++++++++++++ wireshark.spec | 2 +- 6 files changed, 73 insertions(+), 52 deletions(-) delete mode 100644 SIGNATURES-2.2.6.txt create mode 100644 SIGNATURES-2.2.7.txt delete mode 100644 wireshark-2.2.6.tar.bz2 create mode 100644 wireshark-2.2.7.tar.bz2 diff --git a/SIGNATURES-2.2.6.txt b/SIGNATURES-2.2.6.txt deleted file mode 100644 index 5ec5c68..0000000 --- a/SIGNATURES-2.2.6.txt +++ /dev/null @@ -1,48 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -wireshark-2.2.6.tar.bz2: 32317335 bytes -SHA256(wireshark-2.2.6.tar.bz2)=f627d51eda85f5ae5f5c8c9fc1f6539ffc2a270dd7500dc7f67490a8534ca849 -RIPEMD160(wireshark-2.2.6.tar.bz2)=12574c3536c621164215a5a3c1840d87489cc189 -SHA1(wireshark-2.2.6.tar.bz2)=608c0ece0d7c0f9c82f031e69c87c0de57c3f0dd -MD5(wireshark-2.2.6.tar.bz2)=2cd9a35c2df8c32668c1776784f074df - -Wireshark-win32-2.2.6.exe: 44522984 bytes -SHA256(Wireshark-win32-2.2.6.exe)=d43a3194d4cb6899bda39fb24e43bbfd8497d6c2794658f69955b7d6a111a796 -RIPEMD160(Wireshark-win32-2.2.6.exe)=8ac37da27beaaeb6b982459c22c203ec5ad1e5f0 -SHA1(Wireshark-win32-2.2.6.exe)=710a1540fb39b15db7db7c2fa652ab80eeca296c -MD5(Wireshark-win32-2.2.6.exe)=32807564710c35f67b10750f4d570b6a - -Wireshark-win64-2.2.6.exe: 49385272 bytes -SHA256(Wireshark-win64-2.2.6.exe)=faa10fe979440aa231478b8ad35ae5810020f814438e735e6edd57611465c405 -RIPEMD160(Wireshark-win64-2.2.6.exe)=b584223cea4db8f2cabd04e7654732cb3696d26c -SHA1(Wireshark-win64-2.2.6.exe)=cdbb1b95293238dce38c3e1a8940b99daf48fbdc -MD5(Wireshark-win64-2.2.6.exe)=74ce176674b5c7e26874f2a8f3c55153 - -WiresharkPortable_2.2.6.paf.exe: 46147304 bytes -SHA256(WiresharkPortable_2.2.6.paf.exe)=d884196b54e198621d8b2e0315edd54ee7e38efa9acdd1bfe97841f87e63d878 -RIPEMD160(WiresharkPortable_2.2.6.paf.exe)=bce2be0909bfe84d075d0ed852d8663d3fcde5ae -SHA1(WiresharkPortable_2.2.6.paf.exe)=4d25cd67b46b27ab55b6b47b5752b4b9507e008d -MD5(WiresharkPortable_2.2.6.paf.exe)=a019ab377c55dcf9df7692c2aa44fb23 - -Wireshark 2.2.6 Intel 64.dmg: 32858564 bytes -SHA256(Wireshark 2.2.6 Intel 64.dmg)=efe30c1729543ae95ce22ad89d41251fee94e38d3d72a4f7a2a25e86a8bc66fe -RIPEMD160(Wireshark 2.2.6 Intel 64.dmg)=e9cf275b5531905366d27ffc65482dcde4c7e35b -SHA1(Wireshark 2.2.6 Intel 64.dmg)=d38a9b38f4a662da6299fd9301f22d3b877b002e -MD5(Wireshark 2.2.6 Intel 64.dmg)=f52d767768925ebae7b7e70bf86ca974 ------BEGIN PGP SIGNATURE----- - -iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAljunhAACgkQgiRKeOb+ -rupGxhAAoux2lVYbvQuF/56W+MPJP//XL7AeDb0DLFPsg+2CvnnIG4xRWGD/Xs74 -zzxDd8d/L6YYfn1BB/pGZDwRHtEpb7srBFxU59K7Lndgt58TyumvBddHq2vuTG0i -KolOJnIMnIgS6zRAXLbPiRnEXbVncT7HglV0XPMqldCQ+UeeeLn17BwW06nD8DlD -qCn4ZLL0Ko1nT6BcfDQ6AifrrOdJ5IVCezZZ7+aWb54+xSR3DPzKEaFBO6P7Q0G9 -8u4sIyyc3WUv9j9fCqCwyHwaaWgeWaSVcgU39ta7lUF03wzl8t7ZTKAs2O7c71yr -EN8Lm2IuYzAEwx2vSV164yu4y1l/CsF64QLHwhPFLR5QagydI6qBjCBGgykctzqc -8bHnueguFb+9kF+PdH5rH6bOXArYZAkBSP+fXdHyxfCPwO7GjK7kbGCD7k5uhdjG -R3B7VqxRFzed3LHIAaJ52GcjLZ6gzhqp+zOpZLzCAvJVmryIgq/Eo8/Dsi87/jxp -GuJEKAvBdZfaGdYXTOOzwo6ktTHdCa8w2V2RBMXoulUCqQMT+NYFeZlVsa9Mju7M -hzdevy/DjIDkQgW6nVSjYCdMpCRyRPkbXspSG5SRb4WV/LOP1poWwKBXxT4qai1F -6MyAoqODydWcpypUU6qEU4MGvhyVfylOhFsmmHDLY/Y/sgx51TM= -=cvmE ------END PGP SIGNATURE----- diff --git a/SIGNATURES-2.2.7.txt b/SIGNATURES-2.2.7.txt new file mode 100644 index 0000000..358a581 --- /dev/null +++ b/SIGNATURES-2.2.7.txt @@ -0,0 +1,48 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +wireshark-2.2.7.tar.bz2: 32309420 bytes +SHA256(wireshark-2.2.7.tar.bz2)=689ddf62221b152779d8846ab5b2063cc7fd41ec1a9f04eefab09b5d5486dbb5 +RIPEMD160(wireshark-2.2.7.tar.bz2)=baf598f495c04f3709cb02c9046b8176f5f5c72e +SHA1(wireshark-2.2.7.tar.bz2)=2bb1cdf56a93fb22a66e8179214b587c71f06c9e +MD5(wireshark-2.2.7.tar.bz2)=a4d880554c7f925dafef60fa313b580d + +Wireshark-win64-2.2.7.exe: 49400720 bytes +SHA256(Wireshark-win64-2.2.7.exe)=cc8e6feff1e72d1baaafb277e33c9137a76a5edeca629fe4c764070a0719df50 +RIPEMD160(Wireshark-win64-2.2.7.exe)=e1b5395752ff672593bb02e02c9d43b969a6d136 +SHA1(Wireshark-win64-2.2.7.exe)=bb9f0c2f8448069e8ef33302e3e8a5182a066788 +MD5(Wireshark-win64-2.2.7.exe)=30570a7b54c17da897cf155e35a2f44a + +Wireshark-win32-2.2.7.exe: 44550128 bytes +SHA256(Wireshark-win32-2.2.7.exe)=6f5ef2ed9aed62f3613f66b960f50663cfb4ec4b59c9fe1fa11ff08137c8a0c0 +RIPEMD160(Wireshark-win32-2.2.7.exe)=14aa5ae001272ac7ce1eea2d166f02b89a1de76c +SHA1(Wireshark-win32-2.2.7.exe)=1c778e2885fbf0668f75567841d0b00c73b9c7d6 +MD5(Wireshark-win32-2.2.7.exe)=ab254d59f70aec9178aeb8a76a24de50 + +WiresharkPortable_2.2.7.paf.exe: 46147736 bytes +SHA256(WiresharkPortable_2.2.7.paf.exe)=3fc82830a4d2b0d620ef37c1fd406d99e5cad7ff2c831b1d284f5e87282ae2c1 +RIPEMD160(WiresharkPortable_2.2.7.paf.exe)=2d699d1fe6d1bd2e30000cff21837d17d069725f +SHA1(WiresharkPortable_2.2.7.paf.exe)=5cc73524dfc49780ce22f8dfe4d74876c2f9eb5a +MD5(WiresharkPortable_2.2.7.paf.exe)=d05d04a6ce82a7253949d45cc5fb6186 + +Wireshark 2.2.7 Intel 64.dmg: 32873230 bytes +SHA256(Wireshark 2.2.7 Intel 64.dmg)=6d46e7270fc6b661ece24c0fcaf56c7e4ce4f65501ef055ea46c6cfdf95c6dcb +RIPEMD160(Wireshark 2.2.7 Intel 64.dmg)=7b1ab739f9dc24c03b9b825a8533e0e891ee822f +SHA1(Wireshark 2.2.7 Intel 64.dmg)=50fa591d6fb0d4f59a5c2c9c12c1f114522f8377 +MD5(Wireshark 2.2.7 Intel 64.dmg)=2814af6a4f0c851e1d44213d96428919 +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAlkwdzIACgkQgiRKeOb+ +ruqeLw//XkRVualJQ8H5drJUSDQwxDwGwona4R20Bh1EETMeCW+g+IFEx2Me1qcj +460oEZ7JshsUYI2rGeqJSoK3xPLWLsNwdaMrV3hJOT5WiglJq/OZ6XUUrAsWZ25B ++pzYK95SCl3OWeNOpVvj7BKmI8GljzE6MkItSwHeK4+GC4R144UxGBtOjm6iiQHV +stIbec6+lqGYjAAq9V/I+ukYuOoFomlXZcRIMl1/RBB3L8Y2R+xiu+vEUBSNuNgV +IfgBej3ydzHvZpidOMQMGTpiffZ/BMhh/NRvTwv18MHAn60tuyJ3EoQpUMWVOxTR +AZ5dADVvu7ojtCnx5M5rsOdNRq1eW2gHUClVlYYJWWjJ+FD9yu0tyOjsJXkuJHfa +ayrsDATBYFjX3xVEszeUiNj4uYdKt055wa0W6Ra7uvkKH6YrVViROh3WyYVHKofz +JthcSkoqLFZvqkTq01viDcmk3GvNrkxBB5ziCgT4hzHFPh+JQld6GgD9LbUajydR +BOnmKVJlBaozCSJhKd7dIg+dnJeQG8GBEU2rviWqQsYovRl9YOMGa9vmeZApTa5y +WwTbI7OFitfVAgPuLymWActbEBREJfKx5A3RDV/HSgO1UjXs/FEOzbj2RSOT14T5 ++tliAL+bMbnLzBDdGKzCDb9Aq/6bgzYfzJFjvF4raopGYsLccqk= +=KpEA +-----END PGP SIGNATURE----- diff --git a/wireshark-2.2.6.tar.bz2 b/wireshark-2.2.6.tar.bz2 deleted file mode 100644 index 63a0988..0000000 --- a/wireshark-2.2.6.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f627d51eda85f5ae5f5c8c9fc1f6539ffc2a270dd7500dc7f67490a8534ca849 -size 32317335 diff --git a/wireshark-2.2.7.tar.bz2 b/wireshark-2.2.7.tar.bz2 new file mode 100644 index 0000000..3d7d31b --- /dev/null +++ b/wireshark-2.2.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:689ddf62221b152779d8846ab5b2063cc7fd41ec1a9f04eefab09b5d5486dbb5 +size 32309420 diff --git a/wireshark.changes b/wireshark.changes index 3b0b315..17fbde1 100644 --- a/wireshark.changes +++ b/wireshark.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Fri Jun 2 08:39:48 UTC 2017 - astieger@suse.com + +- Wireshark 2.2.7: + This release fixes minor vulnerabilities toat could be used to + trigger dissector crashes, infinite loops or cause excessive use + of CPU resources by making Wireshark read specially crafted + packages from the network or a capture file: + * CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22) + * CVE-2017-9348: DOF dissector read overflow (wnpa-sec-2017-23) + * CVE-2017-9351: DHCP dissector read overflow (wnpa-sec-2017-24) + * CVE-2017-9346: SoulSeek dissector infinite loop (wnpa-sec-2017-25) + * CVE-2017-9345: DNS dissector infinite loop (wnpa-sec-2017-26) + * CVE-2017-9349: DICOM dissector infinite loop (wnpa-sec-2017-27) + * CVE-2017-9350: openSAFETY dissector memory exhaustion (wnpa-sec-2017-28) + * CVE-2017-9344: BT L2CAP dissector divide by zero (wnpa-sec-2017-29) + * CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30) + * CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31) + * CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32) + * CVE-2017-9353: IPv6 dissector crash (wnpa-sec-2017-33) + ------------------------------------------------------------------- Wed May 17 09:51:33 UTC 2017 - astieger@suse.com diff --git a/wireshark.spec b/wireshark.spec index 6cac4d7..578cdea 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -36,7 +36,7 @@ %bcond_with geoip %endif Name: wireshark -Version: 2.2.6 +Version: 2.2.7 Release: 0 Summary: A Network Traffic Analyser License: GPL-2.0+ and GPL-3.0+ From b183ffe92a174d8cb6d94d6942525e39dcadd6a91d76142676057b18f6beff4d Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Fri, 2 Jun 2017 08:56:30 +0000 Subject: [PATCH 2/4] - Wireshark 2.2.7 (bsc#1042324): OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=214 --- wireshark.changes | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wireshark.changes b/wireshark.changes index 17fbde1..8cc3518 100644 --- a/wireshark.changes +++ b/wireshark.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- -Fri Jun 2 08:39:48 UTC 2017 - astieger@suse.com +Fri Jun 2 08:56:15 UTC 2017 - astieger@suse.com -- Wireshark 2.2.7: +- Wireshark 2.2.7 (bsc#1042324): This release fixes minor vulnerabilities toat could be used to trigger dissector crashes, infinite loops or cause excessive use of CPU resources by making Wireshark read specially crafted From 853177eea3dc0d4140f017cefe08a44b4e22f106ae13ca10c0bcf30b06f17b6d Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Fri, 2 Jun 2017 09:15:16 +0000 Subject: [PATCH 3/4] cl OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=215 --- wireshark.changes | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wireshark.changes b/wireshark.changes index 8cc3518..4a64d3c 100644 --- a/wireshark.changes +++ b/wireshark.changes @@ -1,9 +1,9 @@ ------------------------------------------------------------------- -Fri Jun 2 08:56:15 UTC 2017 - astieger@suse.com +Fri Jun 2 09:14:54 UTC 2017 - astieger@suse.com - Wireshark 2.2.7 (bsc#1042324): - This release fixes minor vulnerabilities toat could be used to - trigger dissector crashes, infinite loops or cause excessive use + This release fixes minor vulnerabilities that could be used to + trigger dissector crashes, infinite loopsm or cause excessive use of CPU resources by making Wireshark read specially crafted packages from the network or a capture file: * CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22) From ecdedd15b20a1f68f89a997d34f703499f594515e8aeb4398ca79df8a33a960d Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Fri, 2 Jun 2017 09:23:45 +0000 Subject: [PATCH 4/4] cl OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=216 --- wireshark.changes | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/wireshark.changes b/wireshark.changes index 4a64d3c..42712ba 100644 --- a/wireshark.changes +++ b/wireshark.changes @@ -1,23 +1,23 @@ ------------------------------------------------------------------- -Fri Jun 2 09:14:54 UTC 2017 - astieger@suse.com +Fri Jun 2 09:21:15 UTC 2017 - astieger@suse.com -- Wireshark 2.2.7 (bsc#1042324): +- Wireshark 2.2.7 (bsc#1042330): This release fixes minor vulnerabilities that could be used to trigger dissector crashes, infinite loopsm or cause excessive use of CPU resources by making Wireshark read specially crafted packages from the network or a capture file: - * CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22) - * CVE-2017-9348: DOF dissector read overflow (wnpa-sec-2017-23) - * CVE-2017-9351: DHCP dissector read overflow (wnpa-sec-2017-24) - * CVE-2017-9346: SoulSeek dissector infinite loop (wnpa-sec-2017-25) - * CVE-2017-9345: DNS dissector infinite loop (wnpa-sec-2017-26) - * CVE-2017-9349: DICOM dissector infinite loop (wnpa-sec-2017-27) - * CVE-2017-9350: openSAFETY dissector memory exhaustion (wnpa-sec-2017-28) - * CVE-2017-9344: BT L2CAP dissector divide by zero (wnpa-sec-2017-29) - * CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30) - * CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31) - * CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32) - * CVE-2017-9353: IPv6 dissector crash (wnpa-sec-2017-33) + * CVE-2017-9352: Bazaar dissector infinite loop (bsc#1042304) + * CVE-2017-9348: DOF dissector read overflow (bsc#1042303) + * CVE-2017-9351: DHCP dissector read overflow (bsc#1042302) + * CVE-2017-9346: SoulSeek dissector infinite loop (bsc#1042301) + * CVE-2017-9345: DNS dissector infinite loop (bsc#1042300) + * CVE-2017-9349: DICOM dissector infinite loop (bsc#1042305) + * CVE-2017-9350: openSAFETY dissector memory exhaustion (bsc#1042299) + * CVE-2017-9344: BT L2CAP dissector divide by zero (bsc#1042298) + * CVE-2017-9343: MSNIP dissector crash (bsc#1042309) + * CVE-2017-9347: ROS dissector crash (bsc#1042308) + * CVE-2017-9354: RGMP dissector crash (bsc#1042307) + * CVE-2017-9353: IPv6 dissector crash (bsc#1042306) ------------------------------------------------------------------- Wed May 17 09:51:33 UTC 2017 - astieger@suse.com