Mailinglist Archive: opensuse-updates (98 mails)

< Previous Next >
openSUSE-SU-2015:0489-1: moderate: Security update for wireshark
openSUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:0489-1
Rating: moderate
References: #920695 #920696 #920697 #920698 #920699 #920700

Cross-References: CVE-2015-2187 CVE-2015-2188 CVE-2015-2189
CVE-2015-2190 CVE-2015-2191 CVE-2015-2192

Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:


Wireshark was updated to 1.10.13 on openSUSE 13.1 to fix bugs and security
issues. Wireshark was updated to 1.12.4 on openSUSE 13.2 to fix bugs and
security issues.

The following security issues were fixed in 1.10.13:
* The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188
[bnc#920696]
* The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189
[bnc#920697]
* The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10
CVE-2015-2191 [bnc#920699]
- Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.13.html

The following security issues were fixed in 1.12.4:
- The following security issues were fixed:
* The ATN-CPDLC dissector could crash. wnpa-sec-2015-06 CVE-2015-2187
[bnc#920695]
* The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188
[bnc#920696]
* The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189
[bnc#920697]
* The LLDP dissector could crash. wnpa-sec-2015-09 CVE-2015-2190
[bnc#920698]
* The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10
CVE-2015-2191 [bnc#920699]
* The SCSI OSD dissector could go into an infinite loop.
wnpa-sec-2015-11 CVE-2015-2192 [bnc#920700]
- Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.4.html


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-226=1

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-226=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

wireshark-1.12.4-12.1
wireshark-debuginfo-1.12.4-12.1
wireshark-debugsource-1.12.4-12.1
wireshark-devel-1.12.4-12.1
wireshark-ui-gtk-1.12.4-12.1
wireshark-ui-gtk-debuginfo-1.12.4-12.1
wireshark-ui-qt-1.12.4-12.1
wireshark-ui-qt-debuginfo-1.12.4-12.1

- openSUSE 13.1 (i586 x86_64):

wireshark-1.10.13-36.1
wireshark-debuginfo-1.10.13-36.1
wireshark-debugsource-1.10.13-36.1
wireshark-devel-1.10.13-36.1


References:

http://support.novell.com/security/cve/CVE-2015-2187.html
http://support.novell.com/security/cve/CVE-2015-2188.html
http://support.novell.com/security/cve/CVE-2015-2189.html
http://support.novell.com/security/cve/CVE-2015-2190.html
http://support.novell.com/security/cve/CVE-2015-2191.html
http://support.novell.com/security/cve/CVE-2015-2192.html
https://bugzilla.suse.com/920695
https://bugzilla.suse.com/920696
https://bugzilla.suse.com/920697
https://bugzilla.suse.com/920698
https://bugzilla.suse.com/920699
https://bugzilla.suse.com/920700


< Previous Next >
This Thread
  • No further messages