Mailinglist Archive: opensuse-updates (116 mails)

< Previous Next >
openSUSE-SU-2017:1534-1: Security update for wireshark
openSUSE Security Update: Security update for wireshark

Announcement ID: openSUSE-SU-2017:1534-1
Rating: low
References: #1042298 #1042299 #1042300 #1042301 #1042302
#1042303 #1042304 #1042305 #1042306 #1042307
#1042308 #1042309 #1042330
Cross-References: CVE-2017-9343 CVE-2017-9344 CVE-2017-9345
CVE-2017-9346 CVE-2017-9347 CVE-2017-9348
CVE-2017-9349 CVE-2017-9350 CVE-2017-9351
CVE-2017-9352 CVE-2017-9353 CVE-2017-9354

Affected Products:
openSUSE Leap 42.2

An update that solves 12 vulnerabilities and has one errata
is now available.


This update for wireshark fixes minor vulnerabilities that could be used
to trigger dissector crashes, infinite loops,
or cause excessive use of CPU resources by making Wireshark read specially
crafted packages from the network or a capture file:

- CVE-2017-9352: Bazaar dissector infinite loop (boo#1042304)
- CVE-2017-9348: DOF dissector read overflow (boo#1042303)
- CVE-2017-9351: DHCP dissector read overflow (boo#1042302)
- CVE-2017-9346: SoulSeek dissector infinite loop (boo#1042301)
- CVE-2017-9345: DNS dissector infinite loop (boo#1042300)
- CVE-2017-9349: DICOM dissector infinite loop (boo#1042305)
- CVE-2017-9350: openSAFETY dissector memory exhaustion (boo#1042299)
- CVE-2017-9344: BT L2CAP dissector divide by zero (boo#1042298)
- CVE-2017-9343: MSNIP dissector crash (boo#1042309)
- CVE-2017-9347: ROS dissector crash (boo#1042308)
- CVE-2017-9354: RGMP dissector crash (boo#1042307)
- CVE-2017-9353: IPv6 dissector crash (boo#1042306)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-674=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.2 (x86_64):



< Previous Next >
This Thread
  • No further messages