SUSE-SU-2015:1046-1

Published: 03 Jun 2015
Source: suse-cvrf

Description

Security update for wireshark

Wireshark was updated to 1.10.14 to fix four security issues.

The following vulnerabilities have been fixed:

  • CVE-2015-3811: The WCP dissector could crash while decompressing data. (wnpa-sec-2015-14)
  • CVE-2015-3812: The X11 dissector could leak memory. (wnpa-sec-2015-15)
  • CVE-2015-3813: The packet reassembly code could leak memory. (wnpa-sec-2015-16)
  • CVE-2015-3814: The IEEE 802.11 dissector could go into an infinite loop. (wnpa-sec-2015-17)

Package list

SUSE Linux Enterprise Desktop 12
wireshark-1.10.14-12.1
SUSE Linux Enterprise Server 12
wireshark-1.10.14-12.1
SUSE Linux Enterprise Server for SAP Applications 12
wireshark-1.10.14-12.1
SUSE Linux Enterprise Software Development Kit 12
wireshark-devel-1.10.14-12.1

Description

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.


Affected products
SUSE Linux Enterprise Desktop 12:wireshark-1.10.14-12.1
SUSE Linux Enterprise Server 12:wireshark-1.10.14-12.1
SUSE Linux Enterprise Server for SAP Applications 12:wireshark-1.10.14-12.1
SUSE Linux Enterprise Software Development Kit 12:wireshark-devel-1.10.14-12.1

Description

Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet.


Affected products
SUSE Linux Enterprise Desktop 12:wireshark-1.10.14-12.1
SUSE Linux Enterprise Server 12:wireshark-1.10.14-12.1
SUSE Linux Enterprise Server for SAP Applications 12:wireshark-1.10.14-12.1
SUSE Linux Enterprise Software Development Kit 12:wireshark-devel-1.10.14-12.1

Description

The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet.


Affected products
SUSE Linux Enterprise Desktop 12:wireshark-1.10.14-12.1
SUSE Linux Enterprise Server 12:wireshark-1.10.14-12.1
SUSE Linux Enterprise Server for SAP Applications 12:wireshark-1.10.14-12.1
SUSE Linux Enterprise Software Development Kit 12:wireshark-devel-1.10.14-12.1

Description

The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.


Affected products
SUSE Linux Enterprise Desktop 12:wireshark-1.10.14-12.1
SUSE Linux Enterprise Server 12:wireshark-1.10.14-12.1
SUSE Linux Enterprise Server for SAP Applications 12:wireshark-1.10.14-12.1
SUSE Linux Enterprise Software Development Kit 12:wireshark-devel-1.10.14-12.1
