SUSE-SU-2017:1442-1: moderate: Security update for wireshark

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue May 30 10:10:38 MDT 2017


   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1442-1
Rating:             moderate
References:         #1002981 #1010735 #1010740 #1010752 #1010754 
                    #1010911 #1021739 #1025913 #1026507 #1027692 
                    #1027998 #1033936 #1033937 #1033938 #1033939 
                    #1033940 #1033941 #1033942 #1033943 #1033944 
                    #1033945 #990856 #998761 #998762 #998763 
                    #998800 #998963 #998964 
Cross-References:   CVE-2016-6354 CVE-2016-7175 CVE-2016-7176
                    CVE-2016-7177 CVE-2016-7178 CVE-2016-7179
                    CVE-2016-7180 CVE-2016-9373 CVE-2016-9374
                    CVE-2016-9375 CVE-2016-9376 CVE-2017-5596
                    CVE-2017-5597 CVE-2017-6014 CVE-2017-7700
                    CVE-2017-7701 CVE-2017-7702 CVE-2017-7703
                    CVE-2017-7704 CVE-2017-7705 CVE-2017-7745
                    CVE-2017-7746 CVE-2017-7747 CVE-2017-7748
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves 24 vulnerabilities and has four fixes
   is now available.

Description:


   Wireshark was updated to version 2.2.6, which brings several new features,
   enhancements and bug fixes.

   Thses security issues were fixed:

   - CVE-2017-7700: In Wireshark the NetScaler file parser could go into an
     infinite loop, triggered by a malformed capture file. This was addressed
     in wiretap/netscaler.c by ensuring a nonzero record size (bsc#1033936)
   - CVE-2017-7701: In Wireshark the BGP dissector could go into an infinite
     loop, triggered by packet injection or a malformed capture file. This
     was addressed in epan/dissectors/packet-bgp.c by using a different
     integer data type (bsc#1033937)
   - CVE-2017-7702: In Wireshark the WBXML dissector could go into an
     infinite loop, triggered by packet injection or a malformed capture
     file. This was addressed in epan/dissectors/packet-wbxml.c by adding
     length validation (bsc#1033938)
   - CVE-2017-7703: In Wireshark the IMAP dissector could crash, triggered by
     packet injection or a malformed capture file. This was addressed in
     epan/dissectors/packet-imap.c by calculating a line's end correctly
     (bsc#1033939)
   - CVE-2017-7704: In Wireshark the DOF dissector could go into an infinite
     loop, triggered by packet injection or a malformed capture file. This
     was addressed in epan/dissectors/packet-dof.c by using a different
     integer data type and adjusting a return value (bsc#1033940)
   - CVE-2017-7705: In Wireshark the RPC over RDMA dissector could go into an
     infinite loop, triggered by packet injection or a malformed capture
     file. This was addressed in epan/dissectors/packet-rpcrdma.c by
     correctly checking for going beyond the maximum offset (bsc#1033941)
   - CVE-2017-7745: In Wireshark the SIGCOMP dissector could go into an
     infinite loop, triggered by packet injection or a malformed capture
     file. This was addressed in epan/dissectors/packet-sigcomp.c by
     correcting a memory-size check (bsc#1033942)
   - CVE-2017-7746: In Wireshark the SLSK dissector could go into an infinite
     loop, triggered by packet injection or a malformed capture file. This
     was addressed in epan/dissectors/packet-slsk.c by adding checks for the
     remaining length (bsc#1033943)
   - CVE-2017-7747: In Wireshark the PacketBB dissector could crash,
     triggered by packet injection or a malformed capture file. This was
     addressed in epan/dissectors/packet-packetbb.c by restricting additions
     to the protocol tree (bsc#1033944)
   - CVE-2017-7748: In Wireshark the WSP dissector could go into an infinite
     loop, triggered by packet injection or a malformed capture file. This
     was addressed in epan/dissectors/packet-wsp.c by adding a length check
     (bsc#1033945)
   - CVE-2017-6014: In Wireshark a crafted or malformed STANAG 4607 capture
     file will cause an infinite loop and memory exhaustion. If the packet
     size field in a packet header is null, the offset to read from will not
     advance, causing continuous attempts to read the same zero length
     packet. This will quickly exhaust all system memory (bsc#1025913)
   - CVE-2017-5596: In Wireshark the ASTERIX dissector could go into an
     infinite loop, triggered by packet injection or a malformed capture
     file. This was addressed in epan/dissectors/packet-asterix.c by changing
     a data type to avoid an integer overflow (bsc#1021739)
   - CVE-2017-5597: In Wireshark the DHCPv6 dissector could go into a large
     loop, triggered by packet injection or a malformed capture file. This
     was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type
     to avoid an integer overflow (bsc#1021739)
   - CVE-2016-9376: In Wireshark the OpenFlow dissector could crash with
     memory exhaustion, triggered by network traffic or a capture file. This
     was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that
     certain length values were sufficiently large (bsc#1010735)
   - CVE-2016-9375: In Wireshark the DTN dissector could go into an infinite
     loop, triggered by network traffic or a capture file. This was addressed
     in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was
     successful (bsc#1010740)
   - CVE-2016-9374: In Wireshark the AllJoyn dissector could crash with a
     buffer over-read, triggered by network traffic or a capture file. This
     was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a
     length variable properly tracked the state of a signature variable
     (bsc#1010752)
   - CVE-2016-9373: In Wireshark the DCERPC dissector could crash with a
     use-after-free, triggered by network traffic or a capture file. This was
     addressed in epan/dissectors/packet-dcerpc-nt.c and
     epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for
     private strings (bsc#1010754)
   - CVE-2016-7180: epan/dissectors/packet-ipmi-trace.c in the IPMI trace
     dissector in Wireshark did not properly consider whether a string is
     constant, which allowed remote attackers to cause a denial of service
     (use-after-free and application crash) via a crafted packet (bsc#998800)
   - CVE-2016-7179: Stack-based buffer overflow in
     epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000
     dissector in Wireshark allowed remote attackers to cause a denial of
     service (application crash) via a crafted packet (bsc#998963)
   - CVE-2016-7178: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector
     in Wireshark did not ensure that memory is allocated for certain data
     structures, which allowed remote attackers to cause a denial of service
     (invalid write access and application crash) via a crafted packet
     (bsc#998964)
   - CVE-2016-7177: epan/dissectors/packet-catapult-dct2000.c in the Catapult
     DCT2000 dissector in Wireshark did not restrict the number of channels,
     which allowed remote attackers to cause a denial of service (buffer
     over-read and application crash) via a crafted packet (bsc#998763)
   - CVE-2016-7176: epan/dissectors/packet-h225.c in the H.225 dissector in
     Wireshark called snprintf with one of its input buffers as the output
     buffer, which allowed remote attackers to cause a denial of service
     (copy overlap and application crash) via a crafted packet (bsc#998762)
   - CVE-2016-7175: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector
     in Wireshark mishandled MAC address data, which allowed remote attackers
     to cause a denial of service (out-of-bounds read and application crash)
     via a crafted packet (bsc#998761)
   - CVE-2016-6354: Heap-based buffer overflow in the yy_get_next_buffer
     function in Flex might have allowed context-dependent attackers to cause
     a denial of service or possibly execute arbitrary code via vectors
     involving num_to_read (bsc#990856).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-883=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-883=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-883=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-883=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-883=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-883=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-883=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      wireshark-debuginfo-2.2.6-44.3
      wireshark-debugsource-2.2.6-44.3
      wireshark-devel-2.2.6-44.3

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      wireshark-debuginfo-2.2.6-44.3
      wireshark-debugsource-2.2.6-44.3
      wireshark-devel-2.2.6-44.3

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libwireshark8-2.2.6-44.3
      libwireshark8-debuginfo-2.2.6-44.3
      libwiretap6-2.2.6-44.3
      libwiretap6-debuginfo-2.2.6-44.3
      libwscodecs1-2.2.6-44.3
      libwscodecs1-debuginfo-2.2.6-44.3
      libwsutil7-2.2.6-44.3
      libwsutil7-debuginfo-2.2.6-44.3
      wireshark-2.2.6-44.3
      wireshark-debuginfo-2.2.6-44.3
      wireshark-debugsource-2.2.6-44.3
      wireshark-gtk-2.2.6-44.3
      wireshark-gtk-debuginfo-2.2.6-44.3

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libwireshark8-2.2.6-44.3
      libwireshark8-debuginfo-2.2.6-44.3
      libwiretap6-2.2.6-44.3
      libwiretap6-debuginfo-2.2.6-44.3
      libwscodecs1-2.2.6-44.3
      libwscodecs1-debuginfo-2.2.6-44.3
      libwsutil7-2.2.6-44.3
      libwsutil7-debuginfo-2.2.6-44.3
      wireshark-2.2.6-44.3
      wireshark-debuginfo-2.2.6-44.3
      wireshark-debugsource-2.2.6-44.3
      wireshark-gtk-2.2.6-44.3
      wireshark-gtk-debuginfo-2.2.6-44.3

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      libwireshark8-2.2.6-44.3
      libwireshark8-debuginfo-2.2.6-44.3
      libwiretap6-2.2.6-44.3
      libwiretap6-debuginfo-2.2.6-44.3
      libwscodecs1-2.2.6-44.3
      libwscodecs1-debuginfo-2.2.6-44.3
      libwsutil7-2.2.6-44.3
      libwsutil7-debuginfo-2.2.6-44.3
      wireshark-2.2.6-44.3
      wireshark-debuginfo-2.2.6-44.3
      wireshark-debugsource-2.2.6-44.3
      wireshark-gtk-2.2.6-44.3
      wireshark-gtk-debuginfo-2.2.6-44.3

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libwireshark8-2.2.6-44.3
      libwireshark8-debuginfo-2.2.6-44.3
      libwiretap6-2.2.6-44.3
      libwiretap6-debuginfo-2.2.6-44.3
      libwscodecs1-2.2.6-44.3
      libwscodecs1-debuginfo-2.2.6-44.3
      libwsutil7-2.2.6-44.3
      libwsutil7-debuginfo-2.2.6-44.3
      wireshark-2.2.6-44.3
      wireshark-debuginfo-2.2.6-44.3
      wireshark-debugsource-2.2.6-44.3
      wireshark-gtk-2.2.6-44.3
      wireshark-gtk-debuginfo-2.2.6-44.3

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      libwireshark8-2.2.6-44.3
      libwireshark8-debuginfo-2.2.6-44.3
      libwiretap6-2.2.6-44.3
      libwiretap6-debuginfo-2.2.6-44.3
      libwscodecs1-2.2.6-44.3
      libwscodecs1-debuginfo-2.2.6-44.3
      libwsutil7-2.2.6-44.3
      libwsutil7-debuginfo-2.2.6-44.3
      wireshark-2.2.6-44.3
      wireshark-debuginfo-2.2.6-44.3
      wireshark-debugsource-2.2.6-44.3
      wireshark-gtk-2.2.6-44.3
      wireshark-gtk-debuginfo-2.2.6-44.3


References:

   https://www.suse.com/security/cve/CVE-2016-6354.html
   https://www.suse.com/security/cve/CVE-2016-7175.html
   https://www.suse.com/security/cve/CVE-2016-7176.html
   https://www.suse.com/security/cve/CVE-2016-7177.html
   https://www.suse.com/security/cve/CVE-2016-7178.html
   https://www.suse.com/security/cve/CVE-2016-7179.html
   https://www.suse.com/security/cve/CVE-2016-7180.html
   https://www.suse.com/security/cve/CVE-2016-9373.html
   https://www.suse.com/security/cve/CVE-2016-9374.html
   https://www.suse.com/security/cve/CVE-2016-9375.html
   https://www.suse.com/security/cve/CVE-2016-9376.html
   https://www.suse.com/security/cve/CVE-2017-5596.html
   https://www.suse.com/security/cve/CVE-2017-5597.html
   https://www.suse.com/security/cve/CVE-2017-6014.html
   https://www.suse.com/security/cve/CVE-2017-7700.html
   https://www.suse.com/security/cve/CVE-2017-7701.html
   https://www.suse.com/security/cve/CVE-2017-7702.html
   https://www.suse.com/security/cve/CVE-2017-7703.html
   https://www.suse.com/security/cve/CVE-2017-7704.html
   https://www.suse.com/security/cve/CVE-2017-7705.html
   https://www.suse.com/security/cve/CVE-2017-7745.html
   https://www.suse.com/security/cve/CVE-2017-7746.html
   https://www.suse.com/security/cve/CVE-2017-7747.html
   https://www.suse.com/security/cve/CVE-2017-7748.html
   https://bugzilla.suse.com/1002981
   https://bugzilla.suse.com/1010735
   https://bugzilla.suse.com/1010740
   https://bugzilla.suse.com/1010752
   https://bugzilla.suse.com/1010754
   https://bugzilla.suse.com/1010911
   https://bugzilla.suse.com/1021739
   https://bugzilla.suse.com/1025913
   https://bugzilla.suse.com/1026507
   https://bugzilla.suse.com/1027692
   https://bugzilla.suse.com/1027998
   https://bugzilla.suse.com/1033936
   https://bugzilla.suse.com/1033937
   https://bugzilla.suse.com/1033938
   https://bugzilla.suse.com/1033939
   https://bugzilla.suse.com/1033940
   https://bugzilla.suse.com/1033941
   https://bugzilla.suse.com/1033942
   https://bugzilla.suse.com/1033943
   https://bugzilla.suse.com/1033944
   https://bugzilla.suse.com/1033945
   https://bugzilla.suse.com/990856
   https://bugzilla.suse.com/998761
   https://bugzilla.suse.com/998762
   https://bugzilla.suse.com/998763
   https://bugzilla.suse.com/998800
   https://bugzilla.suse.com/998963
   https://bugzilla.suse.com/998964



More information about the sle-updates mailing list