Wireshark 1.8.9 and 1.10.1 Security Update
Wireshark has fixed the following security issues in both versions.
The following dissectors could go into a large loop in both versions:
Bluetooth SDP (CVE-2013-4927)
DIS (CVE-2013-4929)
GSM RR (CVE-2013-4931)
The following parsers/dissectors could crash:
DVB-CI (CVE-2013-4930)
GSM A Common (CVE-2013-4932)
Netmon (CVE-2013-4933 and CVE-2013-4934)
ASN.1 PER (CVE-2013-4935)
The following parsers/dissectors could crash (applies to 1.10.1 only):
DCP ETSI (CVE-2013-4083)
P1 (CVE-2013-4920)
Radiotap (CVE-2013-4921)
DCOM ISystemActivator (CVE-2013-4922, CVE-2013-4923, CVE-2013-4924, CVE-2013-4925, CVE-2013-4926)
Bluetooth OBEX (CVE-2013-4928)
PROFINET (CVE-2013-4936)
Several other bugs have been fixed. A complete list for version 1.8.9 is available here [2] and for version 1.10.1 here [1].
[1] http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html
[2] http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu