Описание
Security update for wireshark
This update for wireshark to version 2.2.12 fixes the following issues:
- CVE-2018-5334: IxVeriWave file could crash (bsc#1075737)
- CVE-2018-5335: WCP dissector could crash (bsc#1075738)
- CVE-2018-5336: Multiple dissector crashes (bsc#1075739)
- CVE-2017-17935: Incorrect handling of '\n' in file_read_line function could have lead to denial of service (bsc#1074171)
This release no longer enables the Linux kernel BPF JIT compiler via the net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable to Spectre variant 1 CVE-2017-5753 - (bsc#1075748)
Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
Ссылки
- Link for SUSE-SU-2018:0191-1
- E-Mail link for SUSE-SU-2018:0191-1
- SUSE Security Ratings
- SUSE Bug 1074171
- SUSE Bug 1075737
- SUSE Bug 1075738
- SUSE Bug 1075739
- SUSE Bug 1075748
- SUSE CVE CVE-2017-17935 page
- SUSE CVE CVE-2018-5334 page
- SUSE CVE CVE-2018-5335 page
- SUSE CVE CVE-2018-5336 page
Описание
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
Затронутые продукты
Ссылки
- CVE-2017-17935
- SUSE Bug 1074171
Описание
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.
Затронутые продукты
Ссылки
- CVE-2018-5334
- SUSE Bug 1075737
Описание
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.
Затронутые продукты
Ссылки
- CVE-2018-5335
- SUSE Bug 1075738
Описание
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.
Затронутые продукты
Ссылки
- CVE-2018-5336
- SUSE Bug 1075739