In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.
Monthly Archives: November 2016
CVE-2016-9375
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
CVE-2016-9376
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.
Microsoft Security Bulletin Revision Increment For November, 2016
This bulletin summary lists one bulletin that has undergone a major revision increment.
Tips to stay safe while shopping online this holiday season
DSA-3718 drupal7 – security update
Multiple vulnerabilities have been found in the Drupal content management
framework. For additional information, please refer to the upstream advisory
at https://www.drupal.org/SA-CORE-2016-005
GLSA 201611-10: libuv: Privilege escalation
DSA-3717 gst-plugins-bad1.0 / gst-plugins-bad0.10 – security update
Chris Evans discovered that the GStreamer plugin to decode VMware screen
capture files allowed the execution of arbitrary code.
Vuln: QEMU CVE-2016-3710 Remote Code Execution Vulnerability
Vuln: QEMU CVE-2016-4441 Remote Code Execution Vulnerability