wireshark-1.8.10-17.AXS4

Wireshark is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for wireshark. A graphical user interface is packaged
separately to GTK package.

Security issues fixed with this release:

CVE-2014-8710
The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the
SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows
remote attackers to cause a denial of service (buffer over-read and
application crash) via a crafted packet.
CVE-2014-8711
Multiple integer overflows in epan/dissectors/packet-amqp.c in the
AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before
1.12.2 allow remote attackers to cause a denial of service
(application crash) via a crafted amqp_0_10 PDU in a packet.
CVE-2014-8712
The build_expert_data function in epan/dissectors/packet-ncp2222.inc
in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x
before 1.12.2 does not properly initialize a data structure, which
allows remote attackers to cause a denial of service (application
crash) via a crafted packet.
CVE-2014-8713
Stack-based buffer overflow in the build_expert_data function in
epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark
1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers
to cause a denial of service (application crash) via a crafted packet.
CVE-2014-8714
The dissect_write_structured_field function in
epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark
1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers
to cause a denial of service (infinite loop) via a crafted packet.
CVE-2015-0562
Multiple use-after-free vulnerabilities in
epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol
dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3
allow remote attackers to cause a denial of service (application
crash) via a crafted packet, related to the use of packet-scope memory
instead of pinfo-scope memory.
CVE-2015-0564
Buffer underflow in the ssl_decrypt_record function in
epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12
and 1.12.x before 1.12.3 allows remote attackers to cause a denial of
service (application crash) via a crafted packet that is improperly
handled during decryption of an SSL session.
CVE-2015-2189
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in
the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x
before 1.12.4 allows remote attackers to cause a denial of service
(out-of-bounds read and application crash) via an invalid Interface
Statistics Block (ISB) interface ID in a crafted packet.
CVE-2015-2191
Integer overflow in the dissect_tnef function in
epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark
1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers
to cause a denial of service (infinite loop) via a crafted length
field in a packet.

Fixed bugs:

* Previously, the Wireshark tool did not support Advanced Encryption Standard
Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a consequence, AES-GCM
was not decrypted. Support for AES-GCM has been added to Wireshark to fix this bug.
* Previously, when installing the system using the kickstart method, a
dependency on the shadow-utils packages was missing from the wireshark packages,
which could cause the installation to fail with a "bad scriptlet" error message.
With this update, the bug has been fixed.
* Prior to this update, the Wireshark tool could not decode types of elliptic
curves in Datagram Transport Layer Security (DTLS) Client Hello. Consequently,
Wireshark incorrectly displayed elliptic curves types as data. A patch has been
applied to address this bug.
* Previously, a dependency on the gtk2 packages was missing from the wireshark
packages. As a consequence, the Wireshark tool failed to start under certain
circumstances due to an unresolved symbol, "gtk_combo_box_text_new_with_entry",
which was added in gtk version 2.24. With this update, the described problem was fixed.

Enhancements:

* With this update, the Wireshark tool supports process substitution, which
feeds the output of a process (or processes) into the standard input of another
process using the "<(command_list)" syntax. When using process substitution
with large files as input, Wireshark failed to decode such input.
* Wireshark has been enhanced to enable capturing packets with nanosecond time
stamp precision, which allows better analysis of recorded network traffic.