Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:2923-1

Опубликовано: 18 нояб. 2016
Источник: suse-cvrf

Описание

Security update for wireshark

This update to wireshark 2.2.2 fixes the following issues:

  • CVE-2016-9372: Profinet I/O long loop (boo#1010807)
  • CVE-2016-9374: AllJoyn crash (boo#1010752)
  • CVE-2016-9376: OpenFlow crash (boo#1010735)
  • CVE-2016-9373: DCERPC crash (boo#1010754)
  • CVE-2016-9375: DTN infinite loop (boo#1010740)

This update also contains urther bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html

Список пакетов

openSUSE Leap 42.2
wireshark-2.2.2-3.1
wireshark-devel-2.2.2-3.1
wireshark-ui-gtk-2.2.2-3.1
wireshark-ui-qt-2.2.2-3.1

Ссылки

Описание

In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.

Затронутые продукты
openSUSE Leap 42.2:wireshark-2.2.2-3.1
openSUSE Leap 42.2:wireshark-devel-2.2.2-3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.2-3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.2-3.1
Ссылки

Описание

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.

Затронутые продукты
openSUSE Leap 42.2:wireshark-2.2.2-3.1
openSUSE Leap 42.2:wireshark-devel-2.2.2-3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.2-3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.2-3.1
Ссылки

Описание

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.

Затронутые продукты
openSUSE Leap 42.2:wireshark-2.2.2-3.1
openSUSE Leap 42.2:wireshark-devel-2.2.2-3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.2-3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.2-3.1
Ссылки

Описание

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.

Затронутые продукты
openSUSE Leap 42.2:wireshark-2.2.2-3.1
openSUSE Leap 42.2:wireshark-devel-2.2.2-3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.2-3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.2-3.1
Ссылки

Описание

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.

Затронутые продукты
openSUSE Leap 42.2:wireshark-2.2.2-3.1
openSUSE Leap 42.2:wireshark-devel-2.2.2-3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.2-3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.2-3.1
Ссылки