SUSE-SU-2018:0981-1: moderate: Security update for wireshark

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Apr 19 04:14:19 MDT 2018


   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0981-1
Rating:             moderate
References:         #1088200 
Cross-References:   CVE-2018-9256 CVE-2018-9259 CVE-2018-9260
                    CVE-2018-9261 CVE-2018-9262 CVE-2018-9263
                    CVE-2018-9264 CVE-2018-9265 CVE-2018-9266
                    CVE-2018-9267 CVE-2018-9268 CVE-2018-9269
                    CVE-2018-9270 CVE-2018-9271 CVE-2018-9272
                    CVE-2018-9273 CVE-2018-9274
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that fixes 17 vulnerabilities is now available.

Description:

   This update for wireshark fixes the following issues:

   - Update to wireshark 2.2.14, fix such issues:
     * bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in
       2.2.14, 2.4.6
     * CVE-2018-9256: LWAPP dissector crash
     * CVE-2018-9260: IEEE 802.15.4 dissector crash
     * CVE-2018-9261: NBAP dissector crash
     * CVE-2018-9262: VLAN dissector crash
     * CVE-2018-9263: Kerberos dissector crash
     * CVE-2018-9264: ADB dissector crash
     * CVE-2018-9265: tn3270 dissector has a memory leak
     * CVE-2018-9266: ISUP dissector memory leak
     * CVE-2018-9267: LAPD dissector memory leak
     * CVE-2018-9268: SMB2 dissector memory leak
     * CVE-2018-9269: GIOP dissector memory leak
     * CVE-2018-9270: OIDS dissector memory leak
     * CVE-2018-9271: multipart dissector memory leak
     * CVE-2018-9272: h223 dissector memory leak
     * CVE-2018-9273: pcp dissector memory leak
     * CVE-2018-9274: failure message memory leak
     * CVE-2018-9259: MP4 dissector crash


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-658=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-658=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-658=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      wireshark-debuginfo-2.2.14-48.24.1
      wireshark-debugsource-2.2.14-48.24.1
      wireshark-devel-2.2.14-48.24.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      libwireshark8-2.2.14-48.24.1
      libwireshark8-debuginfo-2.2.14-48.24.1
      libwiretap6-2.2.14-48.24.1
      libwiretap6-debuginfo-2.2.14-48.24.1
      libwscodecs1-2.2.14-48.24.1
      libwscodecs1-debuginfo-2.2.14-48.24.1
      libwsutil7-2.2.14-48.24.1
      libwsutil7-debuginfo-2.2.14-48.24.1
      wireshark-2.2.14-48.24.1
      wireshark-debuginfo-2.2.14-48.24.1
      wireshark-debugsource-2.2.14-48.24.1
      wireshark-gtk-2.2.14-48.24.1
      wireshark-gtk-debuginfo-2.2.14-48.24.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      libwireshark8-2.2.14-48.24.1
      libwireshark8-debuginfo-2.2.14-48.24.1
      libwiretap6-2.2.14-48.24.1
      libwiretap6-debuginfo-2.2.14-48.24.1
      libwscodecs1-2.2.14-48.24.1
      libwscodecs1-debuginfo-2.2.14-48.24.1
      libwsutil7-2.2.14-48.24.1
      libwsutil7-debuginfo-2.2.14-48.24.1
      wireshark-2.2.14-48.24.1
      wireshark-debuginfo-2.2.14-48.24.1
      wireshark-debugsource-2.2.14-48.24.1
      wireshark-gtk-2.2.14-48.24.1
      wireshark-gtk-debuginfo-2.2.14-48.24.1


References:

   https://www.suse.com/security/cve/CVE-2018-9256.html
   https://www.suse.com/security/cve/CVE-2018-9259.html
   https://www.suse.com/security/cve/CVE-2018-9260.html
   https://www.suse.com/security/cve/CVE-2018-9261.html
   https://www.suse.com/security/cve/CVE-2018-9262.html
   https://www.suse.com/security/cve/CVE-2018-9263.html
   https://www.suse.com/security/cve/CVE-2018-9264.html
   https://www.suse.com/security/cve/CVE-2018-9265.html
   https://www.suse.com/security/cve/CVE-2018-9266.html
   https://www.suse.com/security/cve/CVE-2018-9267.html
   https://www.suse.com/security/cve/CVE-2018-9268.html
   https://www.suse.com/security/cve/CVE-2018-9269.html
   https://www.suse.com/security/cve/CVE-2018-9270.html
   https://www.suse.com/security/cve/CVE-2018-9271.html
   https://www.suse.com/security/cve/CVE-2018-9272.html
   https://www.suse.com/security/cve/CVE-2018-9273.html
   https://www.suse.com/security/cve/CVE-2018-9274.html
   https://bugzilla.suse.com/1088200



More information about the sle-security-updates mailing list