SUSE-SU-2015:1046-1: moderate: Security update for wireshark

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Jun 11 12:06:42 MDT 2015 

   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1046-1
Rating:             moderate
References:         #930689 #930691 
Cross-References:   CVE-2015-3811 CVE-2015-3812 CVE-2015-3813
                    CVE-2015-3814
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   Wireshark was updated to 1.10.14 to fix four security issues.

   The following vulnerabilities have been fixed:

   * CVE-2015-3811: The WCP dissector could crash while decompressing data.
     (wnpa-sec-2015-14)
   * CVE-2015-3812: The X11 dissector could leak memory. (wnpa-sec-2015-15)
   * CVE-2015-3813: The packet reassembly code could leak memory.
     (wnpa-sec-2015-16)
   * CVE-2015-3814: The IEEE 802.11 dissector could go into an infinite loop.
     (wnpa-sec-2015-17)


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-266=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-266=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-266=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      wireshark-debuginfo-1.10.14-12.1
      wireshark-debugsource-1.10.14-12.1
      wireshark-devel-1.10.14-12.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      wireshark-1.10.14-12.1
      wireshark-debuginfo-1.10.14-12.1
      wireshark-debugsource-1.10.14-12.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      wireshark-1.10.14-12.1
      wireshark-debuginfo-1.10.14-12.1
      wireshark-debugsource-1.10.14-12.1


References:

   https://www.suse.com/security/cve/CVE-2015-3811.html
   https://www.suse.com/security/cve/CVE-2015-3812.html
   https://www.suse.com/security/cve/CVE-2015-3813.html
   https://www.suse.com/security/cve/CVE-2015-3814.html
   https://bugzilla.suse.com/930689
   https://bugzilla.suse.com/930691

More information about the sle-security-updates mailing list