Description
Security update for wireshark
Wireshark has been updated to 1.12.7. (FATE#319388)
The following vulnerabilities have been fixed:
- Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241
- Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242
- Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 CVE-2015-6243
- The ZigBee dissector could crash. wnpa-sec-2015-24 CVE-2015-6244
- The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 CVE-2015-6245
- The WaveAgent dissector could crash. wnpa-sec-2015-26 CVE-2015-6246
- The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 CVE-2015-6247
- Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 CVE-2015-6248
- The WCCP dissector could crash. wnpa-sec-2015-29 CVE-2015-6249
- Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html
Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158 CVE-2015-4652)
Package list
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP3
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP4
References
- Link for SUSE-SU-2015:1676-1
- E-Mail link for SUSE-SU-2015:1676-1
- SUSE Security Ratings
- SUSE Bug 935158
- SUSE Bug 941500
- SUSE CVE CVE-2015-3813 page
- SUSE CVE CVE-2015-4652 page
- SUSE CVE CVE-2015-6241 page
- SUSE CVE CVE-2015-6242 page
- SUSE CVE CVE-2015-6243 page
- SUSE CVE CVE-2015-6244 page
- SUSE CVE CVE-2015-6245 page
- SUSE CVE CVE-2015-6246 page
- SUSE CVE CVE-2015-6247 page
- SUSE CVE CVE-2015-6248 page
- SUSE CVE CVE-2015-6249 page
Description
The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet.
Affected products
References
- CVE-2015-3813
- SUSE Bug 930689
Description
epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions.
Affected products
References
- CVE-2015-4652
- SUSE Bug 935158
Description
The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Affected products
References
- CVE-2015-6241
- SUSE Bug 941500
Description
The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet.
Affected products
References
- CVE-2015-6242
- SUSE Bug 941500
Description
The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions.
Affected products
References
- CVE-2015-6243
- SUSE Bug 941500
Description
The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Affected products
References
- CVE-2015-6244
- SUSE Bug 941500
Description
epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Affected products
References
- CVE-2015-6245
- SUSE Bug 941500
Description
The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Affected products
References
- CVE-2015-6246
- SUSE Bug 941500
Description
The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Affected products
References
- CVE-2015-6247
- SUSE Bug 941500
Description
The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Affected products
References
- CVE-2015-6248
- SUSE Bug 941500
Description
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Affected products
References
- CVE-2015-6249
- SUSE Bug 941500