Operating System:

[Debian]

Published:

28 January 2015

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.0187
                         wireshark security update
                              28 January 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           wireshark
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-0564 CVE-2015-0562 

Reference:         ASB-2015.0001

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3141

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3141-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 27, 2015                       http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : wireshark
CVE ID         : CVE-2015-0562 CVE-2015-0564

Multiple vulnerabilities were discovered in the dissectors/parsers for
SSL/TLS and DEC DNA, which could result in denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 1.8.2-5wheezy14.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 1.12.1+g01b65bf-3.

For the unstable distribution (sid), these problems have been fixed in
version 1.12.1+g01b65bf-3.

We recommend that you upgrade your wireshark packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUx3VDAAoJEBDCk7bDfE42rlIP+wTiQD2J3n0R86mUI6NksGid
FBxk/BRDyQV50rL1QALe03sDpiOFvCnsEZNVolhfuCh9cePSAJ0wACgtNoMQAhzS
kRAEj+G6tO19TBDLJwO2ZIUaGmSFX73c+f3gSf8K9J2WSl2jSLOrm7oKj+imiD0I
V99RgAdXkhqK9Aw03yo79jty/daoZli+Oro7mRQOOUTg9e5D9zCPvn0yCqFNrU0n
NeWD0Eu8/u0VWedph71yKXLDPEHKl2xu3Krl1CLzmC5eiXYPobqbUgOsDrcb/m4m
EvuRMKtwHZyR4ggVxIxJdkZUn/wFKbDTHsjAeCT0haImY2S2+aGGigd7qboK/qAK
o8ruAMUO0ybvN0IZMGBeQW8hpjfV039XgqqlNuy1VDhEKqK0meMR4C9Urw+dYCVY
Glh+ONDpcquMMjpLxNAo82A3pckWr4L8qvLjt9XO0YERn7u0N/oqAJeBK/1Ie8pN
qAHuniTSFLDdjKRfCpD1mMos3hq8UvMM/il8h2qD/iyjMo58/ujyRMC3rY4CgVqA
O5TzHrsrebY5c26yq88AMGFlsnKreE1Zp8kl6DcSccTjzhaGYXNUikuW95KXpmNI
WKx4UHlCyYZBcO3U5gyuGTMh3OZ7EpMCX6wVx9pa7K+lDTe0QdxTUROg1lPiBUsD
gMEMoJq5fwq2EMF5GDV8
=PXL5
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVMgzFBLndAQH1ShLAQLbHA//WEhgiYTooG00sWz2MZOk//OOeWShTC24
zYnTUATzJrk/JF3LwD8cQYR+B9p/2q5FVjBs2T+PQ2YmPl13k7ovJVpdxCpi71QC
C3caqMrTzl22gDUM7vY4f/W7YAXMeayAEn3wRo8OW/rIrEsGuRuEpM4TQ+rWpbpQ
Scm9+vOukIXFJXlfaXzzRRuM6Ee4s9vVgwEzvi1do4dsXa7B4Tn0+366KhOXxfFR
RR1LSipB/SZ4/g5FqgQAwCWr4xe5Z82Yzf8iYJOJ7oMO5GFgaQyn7a+gJdQ0QHlg
ML8JY//vpLv9N+tILyI+IyJwKD9FvGzRr79EYsuBnI2k5uafRvwwBy7UJaOagJjb
6bJEJ8yG9uiWdsraFr1XrcLqgAbhCGOCE00QyOlzGdSOj8xV2I5+8mjfMIjOS9Gc
stu//R/6gGJOGWv82ccbDrha8/1UGI0SIwofMFpFq7ywpN4d3gDpDoE+hIFBE2nN
sm8ocsuWEo4YwDdv84O1wuuF2/wm50jw+R7xOE2PEa1w2znnuBFT5eHzByyNiUBb
yYUEHtXGCt9SRlluPEgOkf65emxz1wPM6RPCtnmlU3hLH22FnlVWP1kM2C0rZ2a1
qZVdDMy9OQFyfM1gjvGJjAR9qMcxNOcpOyS+wX8EyaReAAV6qMKvo9TDsytrz4V3
/OOBtz0bSzU=
=zIM1
-----END PGP SIGNATURE-----