Описание
Security update for wireshark
This update for wireshark fixes the following issues:
- Update to wireshark 2.2.14, fix such issues:
- bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6
- CVE-2018-9256: LWAPP dissector crash
- CVE-2018-9260: IEEE 802.15.4 dissector crash
- CVE-2018-9261: NBAP dissector crash
- CVE-2018-9262: VLAN dissector crash
- CVE-2018-9263: Kerberos dissector crash
- CVE-2018-9264: ADB dissector crash
- CVE-2018-9265: tn3270 dissector has a memory leak
- CVE-2018-9266: ISUP dissector memory leak
- CVE-2018-9267: LAPD dissector memory leak
- CVE-2018-9268: SMB2 dissector memory leak
- CVE-2018-9269: GIOP dissector memory leak
- CVE-2018-9270: OIDS dissector memory leak
- CVE-2018-9271: multipart dissector memory leak
- CVE-2018-9272: h223 dissector memory leak
- CVE-2018-9273: pcp dissector memory leak
- CVE-2018-9274: failure message memory leak
- CVE-2018-9259: MP4 dissector crash
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2018:0980-1
- E-Mail link for SUSE-SU-2018:0980-1
- SUSE Security Ratings
- SUSE Bug 1088200
- SUSE CVE CVE-2018-9256 page
- SUSE CVE CVE-2018-9259 page
- SUSE CVE CVE-2018-9260 page
- SUSE CVE CVE-2018-9261 page
- SUSE CVE CVE-2018-9262 page
- SUSE CVE CVE-2018-9263 page
- SUSE CVE CVE-2018-9264 page
- SUSE CVE CVE-2018-9265 page
- SUSE CVE CVE-2018-9266 page
- SUSE CVE CVE-2018-9267 page
- SUSE CVE CVE-2018-9268 page
- SUSE CVE CVE-2018-9269 page
- SUSE CVE CVE-2018-9270 page
- SUSE CVE CVE-2018-9271 page
- SUSE CVE CVE-2018-9272 page
- SUSE CVE CVE-2018-9273 page
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.
Затронутые продукты
Ссылки
- CVE-2018-9256
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.
Затронутые продукты
Ссылки
- CVE-2018-9259
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.
Затронутые продукты
Ссылки
- CVE-2018-9260
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.
Затронутые продукты
Ссылки
- CVE-2018-9261
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.
Затронутые продукты
Ссылки
- CVE-2018-9262
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.
Затронутые продукты
Ссылки
- CVE-2018-9263
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.
Затронутые продукты
Ссылки
- CVE-2018-9264
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9265
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9266
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9267
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9268
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9269
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9270
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9271
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9272
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9273
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9274
- SUSE Bug 1088200