Описание
Security update for wireshark
This wireshark update to version 2.2.8 fixes the following issues:
Security issues fixed:
- CVE-2017-11411: The openSAFETY dissectorcould crash or exhaust system memory because of missing length validation. (bsc#1049621)
- CVE-2017-11410: The WBXML dissector could go into an infinite loop. (bsc#1049255)
- CVE-2017-11408: The AMQP dissector could crash. (bsc#1049255)
- CVE-2017-11407: The MQ dissector could crash. (bsc#1049255)
- CVE-2017-11406: The DOCSIS dissector could go into an infinite loop. (bsc#1049255)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
Ссылки
- Link for SUSE-SU-2017:2033-1
- E-Mail link for SUSE-SU-2017:2033-1
- SUSE Security Ratings
- SUSE Bug 1049255
- SUSE Bug 1049621
- SUSE CVE CVE-2017-11406 page
- SUSE CVE CVE-2017-11407 page
- SUSE CVE CVE-2017-11408 page
- SUSE CVE CVE-2017-11410 page
- SUSE CVE CVE-2017-11411 page
Описание
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.
Затронутые продукты
Ссылки
- CVE-2017-11406
- SUSE Bug 1049255
Описание
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.
Затронутые продукты
Ссылки
- CVE-2017-11407
- SUSE Bug 1049255
Описание
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.
Затронутые продукты
Ссылки
- CVE-2017-11408
- SUSE Bug 1049255
Описание
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702.
Затронутые продукты
Ссылки
- CVE-2017-11410
- SUSE Bug 1033938
- SUSE Bug 1049255
Описание
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350.
Затронутые продукты
Ссылки
- CVE-2017-11411
- SUSE Bug 1049255
- SUSE Bug 1049621