
SUSE-SU-2015:0657-1

Published: 12 Mar 2015
Source: suse-cvrf

Description

Security update for wireshark

Wireshark was updated to 1.10.13 to fix bugs and security issues.

The following security issues were fixed:

  • The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696]
  • The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697]
  • The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699]

Package list

SUSE Linux Enterprise Server 12
wireshark-1.10.13-8.1
SUSE Linux Enterprise Server for SAP Applications 12
wireshark-1.10.13-8.1
SUSE Linux Enterprise Software Development Kit 12
wireshark-devel-1.10.13-8.1

Description

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.


Affected products
SUSE Linux Enterprise Server 12:wireshark-1.10.13-8.1
SUSE Linux Enterprise Server for SAP Applications 12:wireshark-1.10.13-8.1
SUSE Linux Enterprise Software Development Kit 12:wireshark-devel-1.10.13-8.1

Description

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.


Affected products
SUSE Linux Enterprise Server 12:wireshark-1.10.13-8.1
SUSE Linux Enterprise Server for SAP Applications 12:wireshark-1.10.13-8.1
SUSE Linux Enterprise Software Development Kit 12:wireshark-devel-1.10.13-8.1

Description

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.


Affected products
SUSE Linux Enterprise Server 12:wireshark-1.10.13-8.1
SUSE Linux Enterprise Server for SAP Applications 12:wireshark-1.10.13-8.1
SUSE Linux Enterprise Software Development Kit 12:wireshark-devel-1.10.13-8.1
