Mailinglist Archive: opensuse-updates (116 mails)

< Previous Next >
openSUSE-SU-2017:1534-1: Security update for wireshark
openSUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:1534-1
Rating: low
References: #1042298 #1042299 #1042300 #1042301 #1042302
#1042303 #1042304 #1042305 #1042306 #1042307
#1042308 #1042309 #1042330
Cross-References: CVE-2017-9343 CVE-2017-9344 CVE-2017-9345
CVE-2017-9346 CVE-2017-9347 CVE-2017-9348
CVE-2017-9349 CVE-2017-9350 CVE-2017-9351
CVE-2017-9352 CVE-2017-9353 CVE-2017-9354

Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________

An update that solves 12 vulnerabilities and has one errata
is now available.

Description:

This update for wireshark fixes minor vulnerabilities that could be used
to trigger dissector crashes, infinite loops,
or cause excessive use of CPU resources by making Wireshark read specially
crafted packages from the network or a capture file:

- CVE-2017-9352: Bazaar dissector infinite loop (boo#1042304)
- CVE-2017-9348: DOF dissector read overflow (boo#1042303)
- CVE-2017-9351: DHCP dissector read overflow (boo#1042302)
- CVE-2017-9346: SoulSeek dissector infinite loop (boo#1042301)
- CVE-2017-9345: DNS dissector infinite loop (boo#1042300)
- CVE-2017-9349: DICOM dissector infinite loop (boo#1042305)
- CVE-2017-9350: openSAFETY dissector memory exhaustion (boo#1042299)
- CVE-2017-9344: BT L2CAP dissector divide by zero (boo#1042298)
- CVE-2017-9343: MSNIP dissector crash (boo#1042309)
- CVE-2017-9347: ROS dissector crash (boo#1042308)
- CVE-2017-9354: RGMP dissector crash (boo#1042307)
- CVE-2017-9353: IPv6 dissector crash (boo#1042306)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-674=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.2 (x86_64):

wireshark-2.2.7-14.6.1
wireshark-debuginfo-2.2.7-14.6.1
wireshark-debugsource-2.2.7-14.6.1
wireshark-devel-2.2.7-14.6.1
wireshark-ui-gtk-2.2.7-14.6.1
wireshark-ui-gtk-debuginfo-2.2.7-14.6.1
wireshark-ui-qt-2.2.7-14.6.1
wireshark-ui-qt-debuginfo-2.2.7-14.6.1


References:

https://www.suse.com/security/cve/CVE-2017-9343.html
https://www.suse.com/security/cve/CVE-2017-9344.html
https://www.suse.com/security/cve/CVE-2017-9345.html
https://www.suse.com/security/cve/CVE-2017-9346.html
https://www.suse.com/security/cve/CVE-2017-9347.html
https://www.suse.com/security/cve/CVE-2017-9348.html
https://www.suse.com/security/cve/CVE-2017-9349.html
https://www.suse.com/security/cve/CVE-2017-9350.html
https://www.suse.com/security/cve/CVE-2017-9351.html
https://www.suse.com/security/cve/CVE-2017-9352.html
https://www.suse.com/security/cve/CVE-2017-9353.html
https://www.suse.com/security/cve/CVE-2017-9354.html
https://bugzilla.suse.com/1042298
https://bugzilla.suse.com/1042299
https://bugzilla.suse.com/1042300
https://bugzilla.suse.com/1042301
https://bugzilla.suse.com/1042302
https://bugzilla.suse.com/1042303
https://bugzilla.suse.com/1042304
https://bugzilla.suse.com/1042305
https://bugzilla.suse.com/1042306
https://bugzilla.suse.com/1042307
https://bugzilla.suse.com/1042308
https://bugzilla.suse.com/1042309
https://bugzilla.suse.com/1042330


< Previous Next >
This Thread
  • No further messages