*** This bug is a security vulnerability *** Public security bug reported:
Upstream provides micro-releases on the 1.10.x branch to fix bugs and security vulnerabilities. Wireshark 1.10.14 Release Notes https://www.wireshark.org/docs/relnotes/wireshark-1.10.14.html The following vulnerabilities have been fixed. wnpa-sec-2015-14 The WCP dissector could crash while decompressing data. (Bug 10978) CVE-2015-3811 wnpa-sec-2015-15 The X11 dissector could leak memory. (Bug 11088) CVE-2015-3812 wnpa-sec-2015-17 The IEEE 802.11 dissector could go into an infinite loop. (Bug 11110) CVE-2015-3814 The following bugs have been fixed: Wireshark crashes if "Update list of packets in real time" is disabled and a display filter is applied while capturing. (Bug 6217) Wireshark relative ISN set incorrectly if raw ISN set to 0. (Bug 10713) Buffer overrun in encryption code. (Bug 10849) ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length. (Bug 10991) ICMP Redirect takes 4 bytes for IPv4 payload instead of 8. (Bug 10992) Interface Identifier incorrectly represented by Wireshark. (Bug 11053) Annoying popup when trying to capture on bonding devices on Linux. (Bug 11058) CanOpen dissector fails on frames with RTR and 0 length. (Bug 11083) Typo in secp521r1 curve wrongly identified as sect521r1. (Bug 11106) packet-zbee-zcl.h: IS_ANALOG_SUBTYPE doesn’t filter ENUM. (Bug 11120) Typo: "LTE Positioning Protocol" abbreviated as "LPP", not "LLP". (Bug 11141) New and Updated Features There are no new features in this release. New Protocol Support There are no new protocols in this release. Updated Protocol Support ASN.1 PER, CANopen, GSM RLC/MAC, GSMTAP, ICMP, IEEE 802.11, LPP, MEGACO, PKCS-1, PPP IPv6CP, SRVLOC, SSL, TCP, WCP, X11, and ZigBee ZCL New and Updated Capture File Support and Savvius OmniPeek Visual Networks ** Affects: wireshark (Ubuntu) Importance: Undecided Status: New ** Tags: trusty upgrade-software-version ** Information type changed from Public to Public Security ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-3811 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-3812 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-3814 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1567407 Title: [SRU] Update to bugfix release 1.10.14 in Trusty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1567407/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
