openSUSE Security Update: Security update for Wireshark
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:0664-1
Rating:             low
References:         #1027998
Cross-References:   CVE-2017-6467 CVE-2017-6468 CVE-2017-6469 CVE-2017-6470
                    CVE-2017-6471 CVE-2017-6472 CVE-2017-6473 CVE-2017-6474
Affected Products:  openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.
Description:
This update for Wireshark fixes minor vulnerabilities that could be used to trigger a dissector crash or an infinite loop by sending specially crafted packets over the network or by injecting them into a capture file:

- CVE-2017-6467: NetScaler file parser infinite loop (wnpa-sec-2017-11)
- CVE-2017-6468: NetScaler file parser crash (wnpa-sec-2017-08)
- CVE-2017-6469: LDSS dissector crash (wnpa-sec-2017-03)
- CVE-2017-6470: IAX2 dissector infinite loop (wnpa-sec-2017-10)
- CVE-2017-6471: WSP dissector infinite loop (wnpa-sec-2017-05)
- CVE-2017-6472: RTMPT dissector infinite loop (wnpa-sec-2017-04)
- CVE-2017-6473: K12 file parser crash (wnpa-sec-2017-09)
- CVE-2017-6474: NetScaler file parser infinite loop (wnpa-sec-2017-07)
- wnpa-sec-2017-06: STANAG 4607 file parser infinite loop

Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-326=1

To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (x86_64):

      wireshark-2.2.5-12.1
      wireshark-debuginfo-2.2.5-12.1
      wireshark-debugsource-2.2.5-12.1
      wireshark-devel-2.2.5-12.1
      wireshark-ui-gtk-2.2.5-12.1
      wireshark-ui-gtk-debuginfo-2.2.5-12.1
      wireshark-ui-qt-2.2.5-12.1
      wireshark-ui-qt-debuginfo-2.2.5-12.1

References:
https://www.suse.com/security/cve/CVE-2017-6467.html
https://www.suse.com/security/cve/CVE-2017-6468.html
https://www.suse.com/security/cve/CVE-2017-6469.html
https://www.suse.com/security/cve/CVE-2017-6470.html
https://www.suse.com/security/cve/CVE-2017-6471.html
https://www.suse.com/security/cve/CVE-2017-6472.html
https://www.suse.com/security/cve/CVE-2017-6473.html
https://www.suse.com/security/cve/CVE-2017-6474.html
https://bugzilla.suse.com/1027998