openSUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:0489-1 Rating: moderate References: #920695 #920696 #920697 #920698 #920699 #920700 Cross-References: CVE-2015-2187 CVE-2015-2188 CVE-2015-2189 CVE-2015-2190 CVE-2015-2191 CVE-2015-2192 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: Wireshark was updated to 1.10.13 on openSUSE 13.1 to fix bugs and security issues. Wireshark was updated to 1.12.4 on openSUSE 13.2 to fix bugs and security issues. The following security issues were fixed in 1.10.13: * The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] * The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] * The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.13.html The following security issues were fixed in 1.12.4: - The following security issues were fixed: * The ATN-CPDLC dissector could crash. wnpa-sec-2015-06 CVE-2015-2187 [bnc#920695] * The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] * The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] * The LLDP dissector could crash. wnpa-sec-2015-09 CVE-2015-2190 [bnc#920698] * The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] * The SCSI OSD dissector could go into an infinite loop. wnpa-sec-2015-11 CVE-2015-2192 [bnc#920700] - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.4.html Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-226=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-226=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): wireshark-1.12.4-12.1 wireshark-debuginfo-1.12.4-12.1 wireshark-debugsource-1.12.4-12.1 wireshark-devel-1.12.4-12.1 wireshark-ui-gtk-1.12.4-12.1 wireshark-ui-gtk-debuginfo-1.12.4-12.1 wireshark-ui-qt-1.12.4-12.1 wireshark-ui-qt-debuginfo-1.12.4-12.1 - openSUSE 13.1 (i586 x86_64): wireshark-1.10.13-36.1 wireshark-debuginfo-1.10.13-36.1 wireshark-debugsource-1.10.13-36.1 wireshark-devel-1.10.13-36.1 References: http://support.novell.com/security/cve/CVE-2015-2187.html http://support.novell.com/security/cve/CVE-2015-2188.html http://support.novell.com/security/cve/CVE-2015-2189.html http://support.novell.com/security/cve/CVE-2015-2190.html http://support.novell.com/security/cve/CVE-2015-2191.html http://support.novell.com/security/cve/CVE-2015-2192.html https://bugzilla.suse.com/920695 https://bugzilla.suse.com/920696 https://bugzilla.suse.com/920697 https://bugzilla.suse.com/920698 https://bugzilla.suse.com/920699 https://bugzilla.suse.com/920700