openSUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1974-1 Rating: low References: #991012 #991013 #991015 #991016 #991017 #991018 #991019 #991020 Cross-References: CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 Affected Products: openSUSE Leap 42.1 openSUSE 13.2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: Wireshark was updated to 1.12.13 to fix a number of minor security issues and bugs. This release fixes a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - CVE-2016-6504: NDS dissector crash (boo#991012) - CVE-2016-6505: PacketBB crash (boo#991013) - CVE-2016-6506: WSP infinite loop (boo#991015) - CVE-2016-6507: MMSE infinite loop (boo#991016) - CVE-2016-6508: RLC long loop (boo#991017) - CVE-2016-6509: LDSS dissector crash (boo#991018) - CVE-2016-6510: RLC dissector crash (boo#991019) - CVE-2016-6511: OpenFlow long loop (boo#991020) This update also includes further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.13.html Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-947=1 - openSUSE 13.2: zypper in -t patch openSUSE-2016-947=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): wireshark-1.12.13-29.1 wireshark-debuginfo-1.12.13-29.1 wireshark-debugsource-1.12.13-29.1 wireshark-devel-1.12.13-29.1 wireshark-ui-gtk-1.12.13-29.1 wireshark-ui-gtk-debuginfo-1.12.13-29.1 wireshark-ui-qt-1.12.13-29.1 wireshark-ui-qt-debuginfo-1.12.13-29.1 - openSUSE 13.2 (i586 x86_64): wireshark-1.12.13-44.1 wireshark-debuginfo-1.12.13-44.1 wireshark-debugsource-1.12.13-44.1 wireshark-devel-1.12.13-44.1 wireshark-ui-gtk-1.12.13-44.1 wireshark-ui-gtk-debuginfo-1.12.13-44.1 wireshark-ui-qt-1.12.13-44.1 wireshark-ui-qt-debuginfo-1.12.13-44.1 References: https://www.suse.com/security/cve/CVE-2016-6504.html https://www.suse.com/security/cve/CVE-2016-6505.html https://www.suse.com/security/cve/CVE-2016-6506.html https://www.suse.com/security/cve/CVE-2016-6507.html https://www.suse.com/security/cve/CVE-2016-6508.html https://www.suse.com/security/cve/CVE-2016-6509.html https://www.suse.com/security/cve/CVE-2016-6510.html https://www.suse.com/security/cve/CVE-2016-6511.html https://bugzilla.suse.com/991012 https://bugzilla.suse.com/991013 https://bugzilla.suse.com/991015 https://bugzilla.suse.com/991016 https://bugzilla.suse.com/991017 https://bugzilla.suse.com/991018 https://bugzilla.suse.com/991019 https://bugzilla.suse.com/991020