openSUSE Security Update: Security update for Wireshark ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:0937-1 Rating: moderate References: #930691 Cross-References: CVE-2015-3811 CVE-2015-3812 CVE-2015-3814 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: Wireshark was updated to 1.10.14 to fix three security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-3811: The WCP dissector could crash while decompressing data (wnpa-sec-2015-14) * CVE-2015-3812: The X11 dissector could leak memory (wnpa-sec-2015-15) * CVE-2015-3814: The IEEE 802.11 dissector could go into an infinite loop (wnpa-sec-2015-17) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2015-380=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): wireshark-1.10.14-39.1 wireshark-debuginfo-1.10.14-39.1 wireshark-debugsource-1.10.14-39.1 wireshark-devel-1.10.14-39.1 References: https://www.suse.com/security/cve/CVE-2015-3811.html https://www.suse.com/security/cve/CVE-2015-3812.html https://www.suse.com/security/cve/CVE-2015-3814.html https://bugzilla.suse.com/930691