openSUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1087-1 Rating: moderate References: #1033936 #1033937 #1033938 #1033939 #1033940 #1033941 #1033942 #1033943 #1033944 #1033945 Cross-References: CVE-2017-7700 CVE-2017-7701 CVE-2017-7702 CVE-2017-7703 CVE-2017-7704 CVE-2017-7705 CVE-2017-7745 CVE-2017-7746 CVE-2017-7747 CVE-2017-7748 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update to Wireshark 2.2.6 fixes minor vulnerabilities that could be used to trigger a dissector crash or infinite loops by sending specially crafted packages over the network or into a capture file: * CVE-2017-7700: NetScaler file parser infinite loop (boo#1033936) * CVE-2017-7701: BGP dissector infinite loop (boo#1033937) * CVE-2017-7702: WBMXL dissector infinite loop (boo#1033938) * CVE-2017-7703: IMAP dissector crash (boo#1033939) * CVE-2017-7704: DOF dissector infinite loop (boo#1033940) * CVE-2017-7705: RPCoRDMA dissector infinite loop (boo#1033941) * CVE-2017-7745: SIGCOMP dissector infinite loop (boo#1033942) * CVE-2017-7746: SLSK dissector long loop (boo#1033943) * CVE-2017-7747: PacketBB dissector crash (boo#1033944) * CVE-2017-7748: WSP dissector infinite loop (boo#1033945) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-503=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (x86_64): wireshark-2.2.6-14.3.1 wireshark-debuginfo-2.2.6-14.3.1 wireshark-debugsource-2.2.6-14.3.1 wireshark-devel-2.2.6-14.3.1 wireshark-ui-gtk-2.2.6-14.3.1 wireshark-ui-gtk-debuginfo-2.2.6-14.3.1 wireshark-ui-qt-2.2.6-14.3.1 wireshark-ui-qt-debuginfo-2.2.6-14.3.1 References: https://www.suse.com/security/cve/CVE-2017-7700.html https://www.suse.com/security/cve/CVE-2017-7701.html https://www.suse.com/security/cve/CVE-2017-7702.html https://www.suse.com/security/cve/CVE-2017-7703.html https://www.suse.com/security/cve/CVE-2017-7704.html https://www.suse.com/security/cve/CVE-2017-7705.html https://www.suse.com/security/cve/CVE-2017-7745.html https://www.suse.com/security/cve/CVE-2017-7746.html https://www.suse.com/security/cve/CVE-2017-7747.html https://www.suse.com/security/cve/CVE-2017-7748.html https://bugzilla.suse.com/1033936 https://bugzilla.suse.com/1033937 https://bugzilla.suse.com/1033938 https://bugzilla.suse.com/1033939 https://bugzilla.suse.com/1033940 https://bugzilla.suse.com/1033941 https://bugzilla.suse.com/1033942 https://bugzilla.suse.com/1033943 https://bugzilla.suse.com/1033944 https://bugzilla.suse.com/1033945