Mailinglist Archive: opensuse-updates (111 mails)

< Previous Next >
openSUSE-SU-2018:0540-1: moderate: Security update for wireshark
openSUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:0540-1
Rating: moderate
References: #1082692
Cross-References: CVE-2018-7320 CVE-2018-7321 CVE-2018-7322
CVE-2018-7323 CVE-2018-7324 CVE-2018-7325
CVE-2018-7326 CVE-2018-7327 CVE-2018-7328
CVE-2018-7329 CVE-2018-7330 CVE-2018-7331
CVE-2018-7332 CVE-2018-7333 CVE-2018-7334
CVE-2018-7335 CVE-2018-7336 CVE-2018-7337
CVE-2018-7417 CVE-2018-7418 CVE-2018-7419
CVE-2018-7420 CVE-2018-7421
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 23 vulnerabilities is now available.

Description:

This update for Wireshark to version 2.2.13 fixes a number of minor
vulnerabilities that could be used to trigger dissector crashes or cause
dissectors to go into large infinite loops by making Wireshark read
specially crafted packages from the network or capture files:
(boo#1082692):

- CVE-2018-7335: The IEEE 802.11 dissector could crash
- CVE-2018-7321, CVE-2018-7322, CVE-2018-7323, CVE-2018-7324,
CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328,
CVE-2018-7329, CVE-2018-7330, CVE-2018-7331, CVE-2018-7332,
CVE-2018-7333, CVE-2018-7421: Multiple dissectors could go into large
infinite loops
- CVE-2018-7334: The UMTS MAC dissector could crash
- CVE-2018-7337: The DOCSIS dissector could crash
- CVE-2018-7336: The FCP dissector could crash
- CVE-2018-7320: The SIGCOMP dissector could crash
- CVE-2018-7420: The pcapng file parser could crash
- CVE-2018-7417: The IPMI dissector could crash
- CVE-2018-7418: The SIGCOMP dissector could crash
- CVE-2018-7419: The NBAP disssector could crash

This update also contains further bug fixes and updated protocol support
as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.13.html


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-210=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.3 (x86_64):

wireshark-2.2.13-35.1
wireshark-debuginfo-2.2.13-35.1
wireshark-debugsource-2.2.13-35.1
wireshark-devel-2.2.13-35.1
wireshark-ui-gtk-2.2.13-35.1
wireshark-ui-gtk-debuginfo-2.2.13-35.1
wireshark-ui-qt-2.2.13-35.1
wireshark-ui-qt-debuginfo-2.2.13-35.1


References:

https://www.suse.com/security/cve/CVE-2018-7320.html
https://www.suse.com/security/cve/CVE-2018-7321.html
https://www.suse.com/security/cve/CVE-2018-7322.html
https://www.suse.com/security/cve/CVE-2018-7323.html
https://www.suse.com/security/cve/CVE-2018-7324.html
https://www.suse.com/security/cve/CVE-2018-7325.html
https://www.suse.com/security/cve/CVE-2018-7326.html
https://www.suse.com/security/cve/CVE-2018-7327.html
https://www.suse.com/security/cve/CVE-2018-7328.html
https://www.suse.com/security/cve/CVE-2018-7329.html
https://www.suse.com/security/cve/CVE-2018-7330.html
https://www.suse.com/security/cve/CVE-2018-7331.html
https://www.suse.com/security/cve/CVE-2018-7332.html
https://www.suse.com/security/cve/CVE-2018-7333.html
https://www.suse.com/security/cve/CVE-2018-7334.html
https://www.suse.com/security/cve/CVE-2018-7335.html
https://www.suse.com/security/cve/CVE-2018-7336.html
https://www.suse.com/security/cve/CVE-2018-7337.html
https://www.suse.com/security/cve/CVE-2018-7417.html
https://www.suse.com/security/cve/CVE-2018-7418.html
https://www.suse.com/security/cve/CVE-2018-7419.html
https://www.suse.com/security/cve/CVE-2018-7420.html
https://www.suse.com/security/cve/CVE-2018-7421.html
https://bugzilla.suse.com/1082692


< Previous Next >
This Thread
  • No further messages