openSUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0899-1 Rating: moderate References: #1088200 Cross-References: CVE-2018-9256 CVE-2018-9259 CVE-2018-9260 CVE-2018-9261 CVE-2018-9262 CVE-2018-9263 CVE-2018-9264 CVE-2018-9265 CVE-2018-9266 CVE-2018-9267 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-9271 CVE-2018-9272 CVE-2018-9273 CVE-2018-9274 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: This update for wireshark fixes the following issues: Minor vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files (boo#1088200): - CVE-2018-9264: ADB dissector crash - CVE-2018-9260: IEEE 802.15.4 dissector crash - CVE-2018-9261: NBAP dissector crash - CVE-2018-9262: VLAN dissector crash - CVE-2018-9256: LWAPP dissector crash - CVE-2018-9263: Kerberos dissector crash - CVE-2018-9259: MP4 dissector crash - Memory leaks in multiple dissectors: CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274 This update also contains all upstream bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.14.html Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-347=1 Package List: - openSUSE Leap 42.3 (x86_64): wireshark-2.2.14-38.1 wireshark-debuginfo-2.2.14-38.1 wireshark-debugsource-2.2.14-38.1 wireshark-devel-2.2.14-38.1 wireshark-ui-gtk-2.2.14-38.1 wireshark-ui-gtk-debuginfo-2.2.14-38.1 wireshark-ui-qt-2.2.14-38.1 wireshark-ui-qt-debuginfo-2.2.14-38.1 References: https://www.suse.com/security/cve/CVE-2018-9256.html https://www.suse.com/security/cve/CVE-2018-9259.html https://www.suse.com/security/cve/CVE-2018-9260.html https://www.suse.com/security/cve/CVE-2018-9261.html https://www.suse.com/security/cve/CVE-2018-9262.html https://www.suse.com/security/cve/CVE-2018-9263.html https://www.suse.com/security/cve/CVE-2018-9264.html https://www.suse.com/security/cve/CVE-2018-9265.html https://www.suse.com/security/cve/CVE-2018-9266.html https://www.suse.com/security/cve/CVE-2018-9267.html https://www.suse.com/security/cve/CVE-2018-9268.html https://www.suse.com/security/cve/CVE-2018-9269.html https://www.suse.com/security/cve/CVE-2018-9270.html https://www.suse.com/security/cve/CVE-2018-9271.html https://www.suse.com/security/cve/CVE-2018-9272.html https://www.suse.com/security/cve/CVE-2018-9273.html https://www.suse.com/security/cve/CVE-2018-9274.html https://bugzilla.suse.com/1088200