Mailinglist Archive: opensuse-updates (127 mails)

< Previous Next >
openSUSE-SU-2016:1974-1: Security update for wireshark
openSUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:1974-1
Rating: low
References: #991012 #991013 #991015 #991016 #991017 #991018
#991019 #991020
Cross-References: CVE-2016-6504 CVE-2016-6505 CVE-2016-6506
CVE-2016-6507 CVE-2016-6508 CVE-2016-6509
CVE-2016-6510 CVE-2016-6511
Affected Products:
openSUSE Leap 42.1
openSUSE 13.2
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

Wireshark was updated to 1.12.13 to fix a number of minor security issues
and bugs.

This release fixes a number issues in protocol dissectors that could have
allowed a remote attacker to crash Wireshark or cause excessive CPU usage
through specially crafted packages inserted into the network or a capture
file.

- CVE-2016-6504: NDS dissector crash (boo#991012)
- CVE-2016-6505: PacketBB crash (boo#991013)
- CVE-2016-6506: WSP infinite loop (boo#991015)
- CVE-2016-6507: MMSE infinite loop (boo#991016)
- CVE-2016-6508: RLC long loop (boo#991017)
- CVE-2016-6509: LDSS dissector crash (boo#991018)
- CVE-2016-6510: RLC dissector crash (boo#991019)
- CVE-2016-6511: OpenFlow long loop (boo#991020)

This update also includes further bug fixes and updated protocol support
as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.13.html


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-947=1

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-947=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.1 (i586 x86_64):

wireshark-1.12.13-29.1
wireshark-debuginfo-1.12.13-29.1
wireshark-debugsource-1.12.13-29.1
wireshark-devel-1.12.13-29.1
wireshark-ui-gtk-1.12.13-29.1
wireshark-ui-gtk-debuginfo-1.12.13-29.1
wireshark-ui-qt-1.12.13-29.1
wireshark-ui-qt-debuginfo-1.12.13-29.1

- openSUSE 13.2 (i586 x86_64):

wireshark-1.12.13-44.1
wireshark-debuginfo-1.12.13-44.1
wireshark-debugsource-1.12.13-44.1
wireshark-devel-1.12.13-44.1
wireshark-ui-gtk-1.12.13-44.1
wireshark-ui-gtk-debuginfo-1.12.13-44.1
wireshark-ui-qt-1.12.13-44.1
wireshark-ui-qt-debuginfo-1.12.13-44.1


References:

https://www.suse.com/security/cve/CVE-2016-6504.html
https://www.suse.com/security/cve/CVE-2016-6505.html
https://www.suse.com/security/cve/CVE-2016-6506.html
https://www.suse.com/security/cve/CVE-2016-6507.html
https://www.suse.com/security/cve/CVE-2016-6508.html
https://www.suse.com/security/cve/CVE-2016-6509.html
https://www.suse.com/security/cve/CVE-2016-6510.html
https://www.suse.com/security/cve/CVE-2016-6511.html
https://bugzilla.suse.com/991012
https://bugzilla.suse.com/991013
https://bugzilla.suse.com/991015
https://bugzilla.suse.com/991016
https://bugzilla.suse.com/991017
https://bugzilla.suse.com/991018
https://bugzilla.suse.com/991019
https://bugzilla.suse.com/991020


< Previous Next >
This Thread
  • No further messages