Описание
Security update for wireshark
Wireshark was updated to 1.10.13 to fix bugs and security issues.
The following security issues were fixed:
- The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696]
- The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697]
- The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699]
- Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.13.html
Список пакетов
SUSE Linux Enterprise Desktop 12
Ссылки
- Link for SUSE-SU-2015:0657-2
- E-Mail link for SUSE-SU-2015:0657-2
- SUSE Security Ratings
- SUSE Bug 920696
- SUSE Bug 920697
- SUSE Bug 920699
- SUSE CVE CVE-2015-2188 page
- SUSE CVE CVE-2015-2189 page
- SUSE CVE CVE-2015-2191 page
Описание
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.
Затронутые продукты
Ссылки
- CVE-2015-2188
- SUSE Bug 920696
Описание
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.
Затронутые продукты
Ссылки
- CVE-2015-2189
- SUSE Bug 920697
Описание
Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
Затронутые продукты
Ссылки
- CVE-2015-2191
- SUSE Bug 920699