Wireshark recently made an announcement on their website about new versions launched, which also included some security fixes: Wireshark 1.8.12: http://www.wireshark.org/lists/wireshark-announce/201312/msg00001.html Wireshark 1.10.4: http://www.wireshark.org/lists/wireshark-announce/201312/msg00000.html Quoted from their website for CVE-2013-7112: "The following vulnerabilities have been fixed. wnpa-sec-2013-66 The SIP dissector could go into an infinite loop.Discovered by Alain Botti. (Bug 9388: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9388) Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11 CVE-2013-7112." References: https://bugs.gentoo.org/show_bug.cgi?id=494612
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 1044512]
Fix was backported to 1.10.3
(In reply to Peter Lemenkov from comment #2) > Fix was backported to 1.10.3 That's fantastic news but doesn't mean you can close the bug. Please leave it open. This affects more than Fedora (if Fedora is fixed, feel free to note that in the _Fedora_ bug, not this one). Thanks.
External References: http://www.wireshark.org/security/wnpa-sec-2013-66.html
Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=53195
Statement: (none)
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0342 https://rhn.redhat.com/errata/RHSA-2014-0342.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2014:0341 https://rhn.redhat.com/errata/RHSA-2014-0341.html