Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:2032-1

Опубликовано: 03 авг. 2017
Источник: suse-cvrf

Описание

Security update for wireshark

This wireshark update to version 2.2.8 fixes the following issues:

Security issues fixed:

  • CVE-2017-11411: The openSAFETY dissectorcould crash or exhaust system memory because of missing length validation. (bsc#1049621)
  • CVE-2017-11410: The WBXML dissector could go into an infinite loop. (bsc#1049255)
  • CVE-2017-11408: The AMQP dissector could crash. (bsc#1049255)
  • CVE-2017-11407: The MQ dissector could crash. (bsc#1049255)
  • CVE-2017-11406: The DOCSIS dissector could go into an infinite loop. (bsc#1049255)

Список пакетов

SUSE Linux Enterprise Server 11 SP4
wireshark-2.0.14-40.7.1
wireshark-gtk-2.0.14-40.7.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
wireshark-2.0.14-40.7.1
wireshark-gtk-2.0.14-40.7.1
SUSE Linux Enterprise Software Development Kit 11 SP4
wireshark-2.0.14-40.7.1
wireshark-devel-2.0.14-40.7.1
wireshark-gtk-2.0.14-40.7.1

Ссылки

Описание

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:wireshark-2.0.14-40.7.1
SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.0.14-40.7.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.0.14-40.7.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.0.14-40.7.1
Ссылки

Описание

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:wireshark-2.0.14-40.7.1
SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.0.14-40.7.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.0.14-40.7.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.0.14-40.7.1
Ссылки

Описание

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:wireshark-2.0.14-40.7.1
SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.0.14-40.7.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.0.14-40.7.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.0.14-40.7.1
Ссылки

Описание

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:wireshark-2.0.14-40.7.1
SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.0.14-40.7.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.0.14-40.7.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.0.14-40.7.1
Ссылки

Описание

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:wireshark-2.0.14-40.7.1
SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.0.14-40.7.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.0.14-40.7.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.0.14-40.7.1
Ссылки
Уязвимость SUSE-SU-2017:2032-1