Описание
Security update for wireshark
- The following vulnerabilities allowed Wireshark to be crashed by
injecting a malformed packet onto the wire or by convincing someone
to read a malformed packet trace file.
- The WCCP dissector could crash wnpa-sec-2015-01 CVE-2015-0559 CVE-2015-0560 [boo#912365]
- The LPP dissector could crash. wnpa-sec-2015-02 CVE-2015-0561 [boo#912368]
- The DEC DNA Routing Protocol dissector could crash. wnpa-sec-2015-03 CVE-2015-0562 [boo#912369]
- The SMTP dissector could crash. wnpa-sec-2015-04 CVE-2015-0563 [boo#912370]
- Wireshark could crash while decypting TLS/SSL sessions. wnpa-sec-2015-05 CVE-2015-0564 [boo#912372]
Список пакетов
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
Ссылки
- Link for SUSE-SU-2015:0307-1
- E-Mail link for SUSE-SU-2015:0307-1
- SUSE Security Ratings
- SUSE Bug 912365
- SUSE Bug 912368
- SUSE Bug 912369
- SUSE Bug 912370
- SUSE Bug 912372
- SUSE CVE CVE-2015-0559 page
- SUSE CVE CVE-2015-0560 page
- SUSE CVE CVE-2015-0561 page
- SUSE CVE CVE-2015-0562 page
- SUSE CVE CVE-2015-0563 page
- SUSE CVE CVE-2015-0564 page
Описание
Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.
Затронутые продукты
Ссылки
- CVE-2015-0559
- SUSE Bug 912365
Описание
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Затронутые продукты
Ссылки
- CVE-2015-0560
- SUSE Bug 912365
Описание
asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.
Затронутые продукты
Ссылки
- CVE-2015-0561
- SUSE Bug 912368
Описание
Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.
Затронутые продукты
Ссылки
- CVE-2015-0562
- SUSE Bug 912369
Описание
epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Затронутые продукты
Ссылки
- CVE-2015-0563
- SUSE Bug 912370
Описание
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.
Затронутые продукты
Ссылки
- CVE-2015-0564
- SUSE Bug 912372