(Oracle Issues Fix for Oracle Linux) Wireshark ATN-CPDLC/WCP/LLDP/TNEF/SCSI OSD Dissector Bugs Let Remote Users Deny Service
SecurityTracker Alert ID: 1034225
SecurityTracker URL: http://securitytracker.com/id/1034225
Date: Nov 24 2015
Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 1.10.0 to 1.10.12, 1.12.0 to 1.12.3
Multiple vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions on the target system.
A remote user can send specially crafted data to cause the target application to crash.
The ATN-CPDLC dissector is affected [CVE-2015-2187]. Versions 1.12.0 to 1.12.3 are affected.
The WCP dissector is affected [CVE-2015-2188].
The pcapng file parser is affected [CVE-2015-2189].
The LLDP dissector is affected [CVE-2015-2190]. Versions 1.12.0 to 1.12.3 are affected.
A remote user can send specially crafted data to cause the target application to enter an infinite loop.
The TNEF dissector is affected [CVE-2015-2191]. Vlad Tsyrklevich reported this vulnerability.
The SCSI OSD dissector is affected [CVE-2015-2192]. Versions 1.12.0 to 1.12.3 are affected. Vlad Tsyrklevich reported this vulnerability.
A remote user can cause the target application to crash or enter an infinite loop.
Oracle has issued a fix for CVE-2015-2188.
The Oracle Linux advisory is available at:
Vendor URL: linux.oracle.com/errata/ELSA-2015-2393.html
Underlying OS: Linux (Oracle)
Underlying OS Comments: 7
This archive entry is a follow-up to the message listed below.
Source Message Contents
Subject: [El-errata] ELSA-2015-2393 Moderate: Oracle Linux 7 wireshark security, bug fix, and enhancement update
Oracle Linux Security Advisory ELSA-2015-2393
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
Description of changes:
- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect
- Rebase some tvbuff API from upstream to 1.10.14
- Fixes crash when tvb_length_remaining() is used
- Related: CVE-2015-6244
- Security patch
- Resolves: CVE-2015-3182
- Fix crash caused by -DGDK_PIXBUF_DEPRECATED on startup
- Resolves: rhbz#1267959
- Security patches
- Resolves: CVE-2015-6243
- Security patches
- Resolves: CVE-2015-3810
- Add certificate verify message decoding in TLS extension
- Resolves: #1239150
- Upgrade to 1.10.14
- Resolves: #1238676
- add master secret extension decoding in TLS extension
- add encrypt-then-mac extension decoding in TLS extension
- Resolves: #1222901
- create pcap file if -F pcap specified
- Resolves: #1227199
- add key exchange algorithms decoding in TLS extension
- Resolves: #1222600
- add signature algorithms decoding in TLS extension
- Resolves: #1221701
- add relro check
- Resolves: #1092532
- add elliptic curves decoding in DTLS HELLO
- Resolves: #1131202
- introduced nanosecond time precision
- Resolves: #1213339
- security patches
- Resolves: #1148267