SUSE-SU-2018:0867-1: moderate: Security update for wireshark
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Tue Apr 3 16:08:36 MDT 2018
SUSE Security Update: Security update for wireshark
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0867-1
Rating: moderate
References: #1077080 #1082692
Cross-References: CVE-2017-17997 CVE-2018-7320 CVE-2018-7321
CVE-2018-7322 CVE-2018-7323 CVE-2018-7324
CVE-2018-7325 CVE-2018-7326 CVE-2018-7327
CVE-2018-7328 CVE-2018-7329 CVE-2018-7330
CVE-2018-7331 CVE-2018-7332 CVE-2018-7333
CVE-2018-7334 CVE-2018-7335 CVE-2018-7336
CVE-2018-7337 CVE-2018-7417 CVE-2018-7418
CVE-2018-7419 CVE-2018-7420 CVE-2018-7421
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that fixes 24 vulnerabilities is now available.
Description:
This update for wireshark fixes the following issues:
Security issue fixed (bsc#1082692):
- CVE-2018-7335: The IEEE 802.11 dissector could crash (wnpa-sec-2018-05)
- CVE-2018-7321: thrift long dissector loop (dissect_thrift_map)
- CVE-2018-7322: DICOM: inifinite loop (dissect_dcm_tag)
- CVE-2018-7323: WCCP: very long loop
(dissect_wccp2_alternate_mask_value_set_element)
- CVE-2018-7324: SCCP: infinite loop (dissect_sccp_optional_parameters)
- CVE-2018-7325: RPKI-Router Protocol: infinite loop (dissect_rpkirtr_pdu)
- CVE-2018-7326: LLTD: infinite loop (dissect_lltd_tlv)
- CVE-2018-7327: openflow_v6: infinite loop
(dissect_openflow_bundle_control_v6)
- CVE-2018-7328: USB-DARWIN: long loop (dissect_darwin_usb_iso_transfer)
- CVE-2018-7329: S7COMM: infinite loop (s7comm_decode_ud_cpu_alarm_main)
- CVE-2018-7330: thread_meshcop: infinite loop (get_chancount)
- CVE-2018-7331: GTP: infinite loop (dissect_gprscdr_GGSNPDPRecord,
dissect_ber_set)
- CVE-2018-7332: RELOAD: infinite loop (dissect_statans)
- CVE-2018-7333: RPCoRDMA: infinite loop in get_write_list_chunk_count
- CVE-2018-7421: Multiple dissectors could go into large infinite loops
(wnpa-sec-2018-06)
- CVE-2018-7334: The UMTS MAC dissector could crash (wnpa-sec-2018-07)
- CVE-2018-7337: The DOCSIS dissector could crash (wnpa-sec-2018-08)
- CVE-2018-7336: The FCP dissector could crash (wnpa-sec-2018-09)
- CVE-2018-7320: The SIGCOMP dissector could crash (wnpa-sec-2018-10)
- CVE-2018-7420: The pcapng file parser could crash (wnpa-sec-2018-11)
- CVE-2018-7417: The IPMI dissector could crash (wnpa-sec-2018-12)
- CVE-2018-7418: The SIGCOMP dissector could crash (wnpa-sec-2018-13)
- CVE-2018-7419: The NBAP disssector could crash (wnpa-sec-2018-14)
- CVE-2017-17997: Misuse of NULL pointer in MRDISC dissector (bsc#1077080).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-wireshark-13547=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-wireshark-13547=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-wireshark-13547=1
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
wireshark-devel-2.2.13-40.22.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
libwireshark8-2.2.13-40.22.1
libwiretap6-2.2.13-40.22.1
libwscodecs1-2.2.13-40.22.1
libwsutil7-2.2.13-40.22.1
wireshark-2.2.13-40.22.1
wireshark-gtk-2.2.13-40.22.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libwireshark8-2.2.13-40.22.1
libwiretap6-2.2.13-40.22.1
libwscodecs1-2.2.13-40.22.1
libwsutil7-2.2.13-40.22.1
wireshark-2.2.13-40.22.1
wireshark-gtk-2.2.13-40.22.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
wireshark-debuginfo-2.2.13-40.22.1
wireshark-debugsource-2.2.13-40.22.1
References:
https://www.suse.com/security/cve/CVE-2017-17997.html
https://www.suse.com/security/cve/CVE-2018-7320.html
https://www.suse.com/security/cve/CVE-2018-7321.html
https://www.suse.com/security/cve/CVE-2018-7322.html
https://www.suse.com/security/cve/CVE-2018-7323.html
https://www.suse.com/security/cve/CVE-2018-7324.html
https://www.suse.com/security/cve/CVE-2018-7325.html
https://www.suse.com/security/cve/CVE-2018-7326.html
https://www.suse.com/security/cve/CVE-2018-7327.html
https://www.suse.com/security/cve/CVE-2018-7328.html
https://www.suse.com/security/cve/CVE-2018-7329.html
https://www.suse.com/security/cve/CVE-2018-7330.html
https://www.suse.com/security/cve/CVE-2018-7331.html
https://www.suse.com/security/cve/CVE-2018-7332.html
https://www.suse.com/security/cve/CVE-2018-7333.html
https://www.suse.com/security/cve/CVE-2018-7334.html
https://www.suse.com/security/cve/CVE-2018-7335.html
https://www.suse.com/security/cve/CVE-2018-7336.html
https://www.suse.com/security/cve/CVE-2018-7337.html
https://www.suse.com/security/cve/CVE-2018-7417.html
https://www.suse.com/security/cve/CVE-2018-7418.html
https://www.suse.com/security/cve/CVE-2018-7419.html
https://www.suse.com/security/cve/CVE-2018-7420.html
https://www.suse.com/security/cve/CVE-2018-7421.html
https://bugzilla.suse.com/1077080
https://bugzilla.suse.com/1082692
More information about the sle-updates
mailing list