   openSUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:0661-1
Rating:             moderate
References:         #961170 #968565
Cross-References:   CVE-2016-2523 CVE-2016-2530 CVE-2016-2531
                    CVE-2016-2532
Affected Products:
                    openSUSE 13.1
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   Wireshark was updated to 1.12.10, fixing a number of issues in protocol
   dissectors that could have allowed a remote attacker to crash Wireshark
   or cause excessive CPU usage through specially crafted packets inserted
   into the network or a capture file, specifically:

   - CVE-2016-2523: DNP dissector infinite loop (wnpa-sec-2016-03)
   - CVE-2016-2530: RSL dissector crash (wnpa-sec-2016-10)
   - CVE-2016-2531: RSL dissector crash (wnpa-sec-2016-10)
   - CVE-2016-2532: LLRP dissector crash (wnpa-sec-2016-11)
   - GSM A-bis OML dissector crash (wnpa-sec-2016-14)
   - ASN.1 BER dissector crash (wnpa-sec-2016-15)
   - ASN.1 BER dissector crash (wnpa-sec-2016-18)

   Further bug fixes and updated protocol support as listed in:
   https://www.wireshark.org/docs/relnotes/wireshark-1.12.10.html

   The following non-security bugs were fixed:

   - boo#961170: Recommend wireshark-ui instead of requiring it to support
     text-only use

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.1:

      zypper in -t patch 2016-302=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 13.1 (i586 x86_64):

      wireshark-1.12.10-50.1
      wireshark-debuginfo-1.12.10-50.1
      wireshark-debugsource-1.12.10-50.1
      wireshark-devel-1.12.10-50.1
      wireshark-ui-gtk-1.12.10-50.1
      wireshark-ui-gtk-debuginfo-1.12.10-50.1
      wireshark-ui-qt-1.12.10-50.1
      wireshark-ui-qt-debuginfo-1.12.10-50.1

References:

   https://www.suse.com/security/cve/CVE-2016-2523.html
   https://www.suse.com/security/cve/CVE-2016-2530.html
   https://www.suse.com/security/cve/CVE-2016-2531.html
   https://www.suse.com/security/cve/CVE-2016-2532.html
   https://bugzilla.suse.com/961170
   https://bugzilla.suse.com/968565