- Wireshark 2.2.8 (bsc#1049255):

This release fixes minor vulnerabilities that could be used to
  trigger dissector crashes, infinite loopsm or cause excessive use
  of memory resources by making Wireshark read specially crafted
  packages from the network or a capture file:
  * CVE-2017-7702 CVE-2017-11410: WBMXL dissector infinite loop
    (wnpa-sec-2017-13)
  * CVE-2017-9350 CVE-2017-11411: openSAFETY dissector memory
    exhaustion (wnpa-sec-2017-28)
  * CVE-2017-11408: AMQP dissector crash (wnpa-sec-2017-34)
  * CVE-2017-11407: MQ dissector crash (wnpa-sec-2017-35)
  * CVE-2017-11406: DOCSIS infinite loop (wnpa-sec-2017-36)

OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=218

SIGNATURES-2.2.7.txt

@@ -1,48 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
-wireshark-2.2.7.tar.bz2: 32309420 bytes
-SHA256(wireshark-2.2.7.tar.bz2)=689ddf62221b152779d8846ab5b2063cc7fd41ec1a9f04eefab09b5d5486dbb5
-RIPEMD160(wireshark-2.2.7.tar.bz2)=baf598f495c04f3709cb02c9046b8176f5f5c72e
-SHA1(wireshark-2.2.7.tar.bz2)=2bb1cdf56a93fb22a66e8179214b587c71f06c9e
-MD5(wireshark-2.2.7.tar.bz2)=a4d880554c7f925dafef60fa313b580d
-
-Wireshark-win64-2.2.7.exe: 49400720 bytes
-SHA256(Wireshark-win64-2.2.7.exe)=cc8e6feff1e72d1baaafb277e33c9137a76a5edeca629fe4c764070a0719df50
-RIPEMD160(Wireshark-win64-2.2.7.exe)=e1b5395752ff672593bb02e02c9d43b969a6d136
-SHA1(Wireshark-win64-2.2.7.exe)=bb9f0c2f8448069e8ef33302e3e8a5182a066788
-MD5(Wireshark-win64-2.2.7.exe)=30570a7b54c17da897cf155e35a2f44a
-
-Wireshark-win32-2.2.7.exe: 44550128 bytes
-SHA256(Wireshark-win32-2.2.7.exe)=6f5ef2ed9aed62f3613f66b960f50663cfb4ec4b59c9fe1fa11ff08137c8a0c0
-RIPEMD160(Wireshark-win32-2.2.7.exe)=14aa5ae001272ac7ce1eea2d166f02b89a1de76c
-SHA1(Wireshark-win32-2.2.7.exe)=1c778e2885fbf0668f75567841d0b00c73b9c7d6
-MD5(Wireshark-win32-2.2.7.exe)=ab254d59f70aec9178aeb8a76a24de50
-
-WiresharkPortable_2.2.7.paf.exe: 46147736 bytes
-SHA256(WiresharkPortable_2.2.7.paf.exe)=3fc82830a4d2b0d620ef37c1fd406d99e5cad7ff2c831b1d284f5e87282ae2c1
-RIPEMD160(WiresharkPortable_2.2.7.paf.exe)=2d699d1fe6d1bd2e30000cff21837d17d069725f
-SHA1(WiresharkPortable_2.2.7.paf.exe)=5cc73524dfc49780ce22f8dfe4d74876c2f9eb5a
-MD5(WiresharkPortable_2.2.7.paf.exe)=d05d04a6ce82a7253949d45cc5fb6186
-
-Wireshark 2.2.7 Intel 64.dmg: 32873230 bytes
-SHA256(Wireshark 2.2.7 Intel 64.dmg)=6d46e7270fc6b661ece24c0fcaf56c7e4ce4f65501ef055ea46c6cfdf95c6dcb
-RIPEMD160(Wireshark 2.2.7 Intel 64.dmg)=7b1ab739f9dc24c03b9b825a8533e0e891ee822f
-SHA1(Wireshark 2.2.7 Intel 64.dmg)=50fa591d6fb0d4f59a5c2c9c12c1f114522f8377
-MD5(Wireshark 2.2.7 Intel 64.dmg)=2814af6a4f0c851e1d44213d96428919
------BEGIN PGP SIGNATURE-----
-
-iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAlkwdzIACgkQgiRKeOb+
-ruqeLw//XkRVualJQ8H5drJUSDQwxDwGwona4R20Bh1EETMeCW+g+IFEx2Me1qcj
-460oEZ7JshsUYI2rGeqJSoK3xPLWLsNwdaMrV3hJOT5WiglJq/OZ6XUUrAsWZ25B
-+pzYK95SCl3OWeNOpVvj7BKmI8GljzE6MkItSwHeK4+GC4R144UxGBtOjm6iiQHV
-stIbec6+lqGYjAAq9V/I+ukYuOoFomlXZcRIMl1/RBB3L8Y2R+xiu+vEUBSNuNgV
-IfgBej3ydzHvZpidOMQMGTpiffZ/BMhh/NRvTwv18MHAn60tuyJ3EoQpUMWVOxTR
-AZ5dADVvu7ojtCnx5M5rsOdNRq1eW2gHUClVlYYJWWjJ+FD9yu0tyOjsJXkuJHfa
-ayrsDATBYFjX3xVEszeUiNj4uYdKt055wa0W6Ra7uvkKH6YrVViROh3WyYVHKofz
-JthcSkoqLFZvqkTq01viDcmk3GvNrkxBB5ziCgT4hzHFPh+JQld6GgD9LbUajydR
-BOnmKVJlBaozCSJhKd7dIg+dnJeQG8GBEU2rviWqQsYovRl9YOMGa9vmeZApTa5y
-WwTbI7OFitfVAgPuLymWActbEBREJfKx5A3RDV/HSgO1UjXs/FEOzbj2RSOT14T5
-+tliAL+bMbnLzBDdGKzCDb9Aq/6bgzYfzJFjvF4raopGYsLccqk=
-=KpEA
------END PGP SIGNATURE-----

SIGNATURES-2.2.8.txt

@@ -0,0 +1,48 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+wireshark-2.2.8.tar.bz2: 32331209 bytes
+SHA256(wireshark-2.2.8.tar.bz2)=ecf02c148c9ab6e809026ad5743fe9be1739a9840ef6fece6837a7ddfbdf7edc
+RIPEMD160(wireshark-2.2.8.tar.bz2)=58b46222b2a5cea2923c82f4eff95ad04b702f1a
+SHA1(wireshark-2.2.8.tar.bz2)=605d4323e9ac0122eca47a5c17ec14daf34b1ea1
+MD5(wireshark-2.2.8.tar.bz2)=bb81d0ecf3a8ed46bedfaeae6fd318a8
+
+Wireshark-win32-2.2.8.exe: 44569240 bytes
+SHA256(Wireshark-win32-2.2.8.exe)=7bfd50b9bbeeba6cc55c8f660e9e44c643791ee306227584299b560843f1564c
+RIPEMD160(Wireshark-win32-2.2.8.exe)=5862ef866c657cedca6ee587a9e87387fd1bac8f
+SHA1(Wireshark-win32-2.2.8.exe)=6c86be620ef189b5f1637b2c9f6bd576fee9894f
+MD5(Wireshark-win32-2.2.8.exe)=65e04d901c65d704ab936d0f9ecfb0e2
+
+Wireshark-win64-2.2.8.exe: 49409656 bytes
+SHA256(Wireshark-win64-2.2.8.exe)=caa8e6b1a69964594cfc5d4ebd16255a8ba80f54044c0d9c9352a798bde2bc89
+RIPEMD160(Wireshark-win64-2.2.8.exe)=9fd69129d4bd1a1c3b08396100eb000e109fd32b
+SHA1(Wireshark-win64-2.2.8.exe)=23e3b2d6d917d60c106c9a52f1d603be7cef3e82
+MD5(Wireshark-win64-2.2.8.exe)=60d00d0e82eacf9bad6cabf052356e3d
+
+WiresharkPortable_2.2.8.paf.exe: 46164528 bytes
+SHA256(WiresharkPortable_2.2.8.paf.exe)=510f9e1105e145739ee1cebfcad4ad8ab20d3336623ce807b3dd8d925dbebf8c
+RIPEMD160(WiresharkPortable_2.2.8.paf.exe)=f9a4fc82a59c60b1d616c5df6515d553d1d2157a
+SHA1(WiresharkPortable_2.2.8.paf.exe)=64bc24c167998323212abb8330ea1ab52de6122c
+MD5(WiresharkPortable_2.2.8.paf.exe)=72c677725c9e218450dc2a63db5e11ba
+
+Wireshark 2.2.8 Intel 64.dmg: 33444845 bytes
+SHA256(Wireshark 2.2.8 Intel 64.dmg)=efc681a6ef2bb52e76e15853c5d1b143078c548951d256283a53cc61c894d77f
+RIPEMD160(Wireshark 2.2.8 Intel 64.dmg)=c64e6ce2ce586a3ccdd179e265d1469a43b7883d
+SHA1(Wireshark 2.2.8 Intel 64.dmg)=b066c7bf1c90b3287ab1ced3ea3e430e6e7c94d4
+MD5(Wireshark 2.2.8 Intel 64.dmg)=3aca252edf8518be821ab100b8efdd0d
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAlluTowACgkQgiRKeOb+
+rupG1A/+Jth6yo6f7DJLTsk6s/pSFxYOe32PDROBj7IxQ5FM3OQZ4ILcX3MoFdba
+sY/v9+GyLvXg9O/mPywGsD6SHPkyScHi891uvALuw6k7oy6/0V7dLvQVvaPo+nHb
+S+SIgbUWsztSgj4PARiSCr8QLbmHpZ8d1EwAecDBrLaPGMsANWToHASu+rRKtjGe
+MDyxPRj6GLwoAIkb6B2PKfuL3FjJA+YAbI/AMlHKIQBuqV/Zlbxkpgy76eHH7NKe
+SKLWW1hgnyC4/DIxfPUz3WwHAnt2MgdGjljVCZnUVi6HBmFtbChwNP9VuVXh/b6C
+cIIMu0TehXrRvSFytDwvYGJDzlaYuasNIiAVKBtQtJA4VGE4cewN6mZBux0o1eCJ
+0H5fUIVZFEY5OaaDywYl2K8p+v5Nf0K2b/lIqZIwCeMFoywrSMtH6PUb+jmziBg4
+6umoPJQO03t8R/DS4e1UQnY9vVzMFNBhjH5/WzGI3qv6fuGnfaZrcAzhvJlFsr39
+m9DtPej0i7aA3YvSfVDG25/4sSoJocvZT3wsoMv9xMo+XUZHzraG+VSZylsE71DR
+CJF5KFGIfugraHDxIlvxtRTSkkXe5hdC7nW+qBw1OL+5vLt5sUIHXDeYz2uLUIPf
+VSAZSNzZlUODd7X55jgDlQegfntUiUh31hs5urD1zM3eNfjJKdw=
+=5kXd
+-----END PGP SIGNATURE-----

wireshark-2.2.7.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:689ddf62221b152779d8846ab5b2063cc7fd41ec1a9f04eefab09b5d5486dbb5
-size 32309420

wireshark-2.2.8.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ecf02c148c9ab6e809026ad5743fe9be1739a9840ef6fece6837a7ddfbdf7edc
+size 32331209

wireshark.changes

@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Tue Jul 18 21:29:37 UTC 2017 - astieger@suse.com
+
+- Wireshark 2.2.8 (bsc#1049255):
+  This release fixes minor vulnerabilities that could be used to
+  trigger dissector crashes, infinite loopsm or cause excessive use
+  of memory resources by making Wireshark read specially crafted
+  packages from the network or a capture file:
+  * CVE-2017-7702 CVE-2017-11410: WBMXL dissector infinite loop
+    (wnpa-sec-2017-13)
+  * CVE-2017-9350 CVE-2017-11411: openSAFETY dissector memory
+    exhaustion (wnpa-sec-2017-28)
+  * CVE-2017-11408: AMQP dissector crash (wnpa-sec-2017-34)
+  * CVE-2017-11407: MQ dissector crash (wnpa-sec-2017-35)
+  * CVE-2017-11406: DOCSIS infinite loop (wnpa-sec-2017-36)
+
 -------------------------------------------------------------------
 Fri Jun  2 09:21:15 UTC 2017 - astieger@suse.com
 

wireshark.spec

@@ -36,7 +36,7 @@
 %bcond_with geoip
 %endif
 Name:           wireshark
-Version:        2.2.7
+Version:        2.2.8
 Release:        0
 Summary:        A Network Traffic Analyser
 License:        GPL-2.0+ and GPL-3.0+