openSUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0540-1 Rating: moderate References: #1082692 Cross-References: CVE-2018-7320 CVE-2018-7321 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325 CVE-2018-7326 CVE-2018-7327 CVE-2018-7328 CVE-2018-7329 CVE-2018-7330 CVE-2018-7331 CVE-2018-7332 CVE-2018-7333 CVE-2018-7334 CVE-2018-7335 CVE-2018-7336 CVE-2018-7337 CVE-2018-7417 CVE-2018-7418 CVE-2018-7419 CVE-2018-7420 CVE-2018-7421 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes 23 vulnerabilities is now available. Description: This update for Wireshark to version 2.2.13 fixes a number of minor vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files: (boo#1082692): - CVE-2018-7335: The IEEE 802.11 dissector could crash - CVE-2018-7321, CVE-2018-7322, CVE-2018-7323, CVE-2018-7324, CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328, CVE-2018-7329, CVE-2018-7330, CVE-2018-7331, CVE-2018-7332, CVE-2018-7333, CVE-2018-7421: Multiple dissectors could go into large infinite loops - CVE-2018-7334: The UMTS MAC dissector could crash - CVE-2018-7337: The DOCSIS dissector could crash - CVE-2018-7336: The FCP dissector could crash - CVE-2018-7320: The SIGCOMP dissector could crash - CVE-2018-7420: The pcapng file parser could crash - CVE-2018-7417: The IPMI dissector could crash - CVE-2018-7418: The SIGCOMP dissector could crash - CVE-2018-7419: The NBAP disssector could crash This update also contains further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.13.html Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-210=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (x86_64): wireshark-2.2.13-35.1 wireshark-debuginfo-2.2.13-35.1 wireshark-debugsource-2.2.13-35.1 wireshark-devel-2.2.13-35.1 wireshark-ui-gtk-2.2.13-35.1 wireshark-ui-gtk-debuginfo-2.2.13-35.1 wireshark-ui-qt-2.2.13-35.1 wireshark-ui-qt-debuginfo-2.2.13-35.1 References: https://www.suse.com/security/cve/CVE-2018-7320.html https://www.suse.com/security/cve/CVE-2018-7321.html https://www.suse.com/security/cve/CVE-2018-7322.html https://www.suse.com/security/cve/CVE-2018-7323.html https://www.suse.com/security/cve/CVE-2018-7324.html https://www.suse.com/security/cve/CVE-2018-7325.html https://www.suse.com/security/cve/CVE-2018-7326.html https://www.suse.com/security/cve/CVE-2018-7327.html https://www.suse.com/security/cve/CVE-2018-7328.html https://www.suse.com/security/cve/CVE-2018-7329.html https://www.suse.com/security/cve/CVE-2018-7330.html https://www.suse.com/security/cve/CVE-2018-7331.html https://www.suse.com/security/cve/CVE-2018-7332.html https://www.suse.com/security/cve/CVE-2018-7333.html https://www.suse.com/security/cve/CVE-2018-7334.html https://www.suse.com/security/cve/CVE-2018-7335.html https://www.suse.com/security/cve/CVE-2018-7336.html https://www.suse.com/security/cve/CVE-2018-7337.html https://www.suse.com/security/cve/CVE-2018-7417.html https://www.suse.com/security/cve/CVE-2018-7418.html https://www.suse.com/security/cve/CVE-2018-7419.html https://www.suse.com/security/cve/CVE-2018-7420.html https://www.suse.com/security/cve/CVE-2018-7421.html https://bugzilla.suse.com/1082692