SUSE-SU-2017:1174-1: moderate: Security update for wireshark
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Thu May 4 07:09:27 MDT 2017
SUSE Security Update: Security update for wireshark
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:1174-1
Rating: moderate
References: #1002981 #1010735 #1010740 #1010752 #1010754
#1010911 #1021739 #1025913 #1027998 #1033936
#1033937 #1033938 #1033939 #1033940 #1033941
#1033942 #1033943 #1033944 #1033945 #998761
#998762 #998763 #998800 #998963 #998964
Cross-References: CVE-2016-7175 CVE-2016-7176 CVE-2016-7177
CVE-2016-7178 CVE-2016-7179 CVE-2016-7180
CVE-2016-9373 CVE-2016-9374 CVE-2016-9375
CVE-2016-9376 CVE-2017-5596 CVE-2017-5597
CVE-2017-6014 CVE-2017-7700 CVE-2017-7701
CVE-2017-7702 CVE-2017-7703 CVE-2017-7704
CVE-2017-7705 CVE-2017-7745 CVE-2017-7746
CVE-2017-7747 CVE-2017-7748
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 23 vulnerabilities and has two fixes
is now available.
Description:
Wireshark was updated to version 2.0.12, which brings several new
features, enhancements and bug fixes.
These security issues were fixed:
- CVE-2017-7700: In Wireshark the NetScaler file parser could go into an
infinite loop, triggered by a malformed capture file. This was addressed
in wiretap/netscaler.c by ensuring a nonzero record size (bsc#1033936).
- CVE-2017-7701: In Wireshark the BGP dissector could go into an infinite
loop, triggered by packet injection or a malformed capture file. This
was addressed in epan/dissectors/packet-bgp.c by using a different
integer data type (bsc#1033937).
- CVE-2017-7702: In Wireshark the WBXML dissector could go into an
infinite loop, triggered by packet injection or a malformed capture
file. This was addressed in epan/dissectors/packet-wbxml.c by adding
length validation (bsc#1033938).
- CVE-2017-7703: In Wireshark the IMAP dissector could crash, triggered by
packet injection or a malformed capture file. This was addressed in
epan/dissectors/packet-imap.c by calculating a line's end correctly
(bsc#1033939).
- CVE-2017-7704: In Wireshark the DOF dissector could go into an infinite
loop, triggered by packet injection or a malformed capture file. This
was addressed in epan/dissectors/packet-dof.c by using a different
integer data type and adjusting a return value (bsc#1033940).
- CVE-2017-7705: In Wireshark the RPC over RDMA dissector could go into an
infinite loop, triggered by packet injection or a malformed capture
file. This was addressed in epan/dissectors/packet-rpcrdma.c by
correctly checking for going beyond the maximum offset (bsc#1033941).
- CVE-2017-7745: In Wireshark the SIGCOMP dissector could go into an
infinite loop, triggered by packet injection or a malformed capture
file. This was addressed in epan/dissectors/packet-sigcomp.c by
correcting a memory-size check (bsc#1033942).
- CVE-2017-7746: In Wireshark the SLSK dissector could go into an infinite
loop, triggered by packet injection or a malformed capture file. This
was addressed in epan/dissectors/packet-slsk.c by adding checks for the
remaining length (bsc#1033943).
- CVE-2017-7747: In Wireshark the PacketBB dissector could crash,
triggered by packet injection or a malformed capture file. This was
addressed in epan/dissectors/packet-packetbb.c by restricting additions
to the protocol tree (bsc#1033944).
- CVE-2017-7748: In Wireshark the WSP dissector could go into an infinite
loop, triggered by packet injection or a malformed capture file. This
was addressed in epan/dissectors/packet-wsp.c by adding a length check
(bsc#1033945).
- CVE-2016-7179: Stack-based buffer overflow in
epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000
dissector in Wireshark allowed remote attackers to cause a denial of
service (application crash) via a crafted packet (bsc#998963).
- CVE-2016-9376: In Wireshark the OpenFlow dissector could crash with
memory exhaustion, triggered by network traffic or a capture file. This
was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that
certain length values were sufficiently large (bsc#1010735).
- CVE-2016-9375: In Wireshark the DTN dissector could go into an infinite
loop, triggered by network traffic or a capture file. This was addressed
in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was
successful (bsc#1010740).
- CVE-2016-9374: In Wireshark the AllJoyn dissector could crash with a
buffer over-read, triggered by network traffic or a capture file. This
was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a
length variable properly tracked the state of a signature variable
(bsc#1010752).
- CVE-2016-9373: In Wireshark the DCERPC dissector could crash with a
use-after-free, triggered by network traffic or a capture file. This was
addressed in epan/dissectors/packet-dcerpc-nt.c and
epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for
private strings (bsc#1010754).
- CVE-2016-7175: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector
in Wireshark mishandled MAC address data, which allowed remote attackers
to cause a denial of service (out-of-bounds read and application crash)
via a crafted packet (bsc#998761).
- CVE-2016-7176: epan/dissectors/packet-h225.c in the H.225 dissector in
Wireshark called snprintf with one of its input buffers as the output
buffer, which allowed remote attackers to cause a denial of service
(copy overlap and application crash) via a crafted packet (bsc#998762).
- CVE-2016-7177: epan/dissectors/packet-catapult-dct2000.c in the Catapult
DCT2000 dissector in Wireshark did not restrict the number of channels,
which allowed remote attackers to cause a denial of service (buffer
over-read and application crash) via a crafted packet (bsc#998763).
- CVE-2016-7180: epan/dissectors/packet-ipmi-trace.c in the IPMI trace
dissector in Wireshark did not properly consider whether a string is
constant, which allowed remote attackers to cause a denial of service
(use-after-free and application crash) via a crafted packet (bsc#998800).
- CVE-2016-7178: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector
in Wireshark did not ensure that memory is allocated for certain data
structures, which allowed remote attackers to cause a denial of service
(invalid write access and application crash) via a crafted packet
(bsc#998964).
- CVE-2017-6014: In Wireshark a crafted or malformed STANAG 4607 capture
file will cause an infinite loop and memory exhaustion. If the packet
size field in a packet header is null, the offset to read from will not
advance, causing continuous attempts to read the same zero length
packet. This will quickly exhaust all system memory (bsc#1025913).
- CVE-2017-5596: In Wireshark the ASTERIX dissector could go into an
infinite loop, triggered by packet injection or a malformed capture
file. This was addressed in epan/dissectors/packet-asterix.c by changing
a data type to avoid an integer overflow (bsc#1021739).
- CVE-2017-5597: In Wireshark the DHCPv6 dissector could go into a large
loop, triggered by packet injection or a malformed capture file. This
was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type
to avoid an integer overflow (bsc#1021739).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-wireshark-13089=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-wireshark-13089=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-wireshark-13089=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
wireshark-devel-2.0.12-36.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
wireshark-2.0.12-36.1
wireshark-gtk-2.0.12-36.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
wireshark-2.0.12-36.1
wireshark-gtk-2.0.12-36.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
wireshark-debuginfo-2.0.12-36.1
wireshark-debugsource-2.0.12-36.1
References:
https://www.suse.com/security/cve/CVE-2016-7175.html
https://www.suse.com/security/cve/CVE-2016-7176.html
https://www.suse.com/security/cve/CVE-2016-7177.html
https://www.suse.com/security/cve/CVE-2016-7178.html
https://www.suse.com/security/cve/CVE-2016-7179.html
https://www.suse.com/security/cve/CVE-2016-7180.html
https://www.suse.com/security/cve/CVE-2016-9373.html
https://www.suse.com/security/cve/CVE-2016-9374.html
https://www.suse.com/security/cve/CVE-2016-9375.html
https://www.suse.com/security/cve/CVE-2016-9376.html
https://www.suse.com/security/cve/CVE-2017-5596.html
https://www.suse.com/security/cve/CVE-2017-5597.html
https://www.suse.com/security/cve/CVE-2017-6014.html
https://www.suse.com/security/cve/CVE-2017-7700.html
https://www.suse.com/security/cve/CVE-2017-7701.html
https://www.suse.com/security/cve/CVE-2017-7702.html
https://www.suse.com/security/cve/CVE-2017-7703.html
https://www.suse.com/security/cve/CVE-2017-7704.html
https://www.suse.com/security/cve/CVE-2017-7705.html
https://www.suse.com/security/cve/CVE-2017-7745.html
https://www.suse.com/security/cve/CVE-2017-7746.html
https://www.suse.com/security/cve/CVE-2017-7747.html
https://www.suse.com/security/cve/CVE-2017-7748.html
https://bugzilla.suse.com/1002981
https://bugzilla.suse.com/1010735
https://bugzilla.suse.com/1010740
https://bugzilla.suse.com/1010752
https://bugzilla.suse.com/1010754
https://bugzilla.suse.com/1010911
https://bugzilla.suse.com/1021739
https://bugzilla.suse.com/1025913
https://bugzilla.suse.com/1027998
https://bugzilla.suse.com/1033936
https://bugzilla.suse.com/1033937
https://bugzilla.suse.com/1033938
https://bugzilla.suse.com/1033939
https://bugzilla.suse.com/1033940
https://bugzilla.suse.com/1033941
https://bugzilla.suse.com/1033942
https://bugzilla.suse.com/1033943
https://bugzilla.suse.com/1033944
https://bugzilla.suse.com/1033945
https://bugzilla.suse.com/998761
https://bugzilla.suse.com/998762
https://bugzilla.suse.com/998763
https://bugzilla.suse.com/998800
https://bugzilla.suse.com/998963
https://bugzilla.suse.com/998964
More information about the sle-updates
mailing list