   openSUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:1534-1
Rating:             low
References:         #1042298 #1042299 #1042300 #1042301 #1042302 #1042303
                    #1042304 #1042305 #1042306 #1042307 #1042308 #1042309
                    #1042330
Cross-References:   CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346
                    CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350
                    CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354
Affected Products:
                    openSUSE Leap 42.2
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has one errata
   is now available.

Description:

   This update for wireshark fixes minor vulnerabilities that could be used
   to trigger dissector crashes, infinite loops, or cause excessive use of
   CPU resources by making Wireshark read specially crafted packets from
   the network or a capture file:

   - CVE-2017-9352: Bazaar dissector infinite loop (boo#1042304)
   - CVE-2017-9348: DOF dissector read overflow (boo#1042303)
   - CVE-2017-9351: DHCP dissector read overflow (boo#1042302)
   - CVE-2017-9346: SoulSeek dissector infinite loop (boo#1042301)
   - CVE-2017-9345: DNS dissector infinite loop (boo#1042300)
   - CVE-2017-9349: DICOM dissector infinite loop (boo#1042305)
   - CVE-2017-9350: openSAFETY dissector memory exhaustion (boo#1042299)
   - CVE-2017-9344: BT L2CAP dissector divide by zero (boo#1042298)
   - CVE-2017-9343: MSNIP dissector crash (boo#1042309)
   - CVE-2017-9347: ROS dissector crash (boo#1042308)
   - CVE-2017-9354: RGMP dissector crash (boo#1042307)
   - CVE-2017-9353: IPv6 dissector crash (boo#1042306)

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-674=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.2 (x86_64):

      wireshark-2.2.7-14.6.1
      wireshark-debuginfo-2.2.7-14.6.1
      wireshark-debugsource-2.2.7-14.6.1
      wireshark-devel-2.2.7-14.6.1
      wireshark-ui-gtk-2.2.7-14.6.1
      wireshark-ui-gtk-debuginfo-2.2.7-14.6.1
      wireshark-ui-qt-2.2.7-14.6.1
      wireshark-ui-qt-debuginfo-2.2.7-14.6.1

References:

   https://www.suse.com/security/cve/CVE-2017-9343.html
   https://www.suse.com/security/cve/CVE-2017-9344.html
   https://www.suse.com/security/cve/CVE-2017-9345.html
   https://www.suse.com/security/cve/CVE-2017-9346.html
   https://www.suse.com/security/cve/CVE-2017-9347.html
   https://www.suse.com/security/cve/CVE-2017-9348.html
   https://www.suse.com/security/cve/CVE-2017-9349.html
   https://www.suse.com/security/cve/CVE-2017-9350.html
   https://www.suse.com/security/cve/CVE-2017-9351.html
   https://www.suse.com/security/cve/CVE-2017-9352.html
   https://www.suse.com/security/cve/CVE-2017-9353.html
   https://www.suse.com/security/cve/CVE-2017-9354.html
   https://bugzilla.suse.com/1042298
   https://bugzilla.suse.com/1042299
   https://bugzilla.suse.com/1042300
   https://bugzilla.suse.com/1042301
   https://bugzilla.suse.com/1042302
   https://bugzilla.suse.com/1042303
   https://bugzilla.suse.com/1042304
   https://bugzilla.suse.com/1042305
   https://bugzilla.suse.com/1042306
   https://bugzilla.suse.com/1042307
   https://bugzilla.suse.com/1042308
   https://bugzilla.suse.com/1042309
   https://bugzilla.suse.com/1042330