Описание
Security update for wireshark
This update for wireshark fixes the following issues:
- Update to wireshark 2.2.14, fix such issues:
- bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6
- CVE-2018-9256: LWAPP dissector crash
- CVE-2018-9260: IEEE 802.15.4 dissector crash
- CVE-2018-9261: NBAP dissector crash
- CVE-2018-9262: VLAN dissector crash
- CVE-2018-9263: Kerberos dissector crash
- CVE-2018-9264: ADB dissector crash
- CVE-2018-9265: tn3270 dissector has a memory leak
- CVE-2018-9266: ISUP dissector memory leak
- CVE-2018-9267: LAPD dissector memory leak
- CVE-2018-9268: SMB2 dissector memory leak
- CVE-2018-9269: GIOP dissector memory leak
- CVE-2018-9270: OIDS dissector memory leak
- CVE-2018-9271: multipart dissector memory leak
- CVE-2018-9272: h223 dissector memory leak
- CVE-2018-9273: pcp dissector memory leak
- CVE-2018-9274: failure message memory leak
- CVE-2018-9259: MP4 dissector crash
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP3
Ссылки
- Link for SUSE-SU-2018:0981-1
- E-Mail link for SUSE-SU-2018:0981-1
- SUSE Security Ratings
- SUSE Bug 1088200
- SUSE CVE CVE-2018-9256 page
- SUSE CVE CVE-2018-9259 page
- SUSE CVE CVE-2018-9260 page
- SUSE CVE CVE-2018-9261 page
- SUSE CVE CVE-2018-9262 page
- SUSE CVE CVE-2018-9263 page
- SUSE CVE CVE-2018-9264 page
- SUSE CVE CVE-2018-9265 page
- SUSE CVE CVE-2018-9266 page
- SUSE CVE CVE-2018-9267 page
- SUSE CVE CVE-2018-9268 page
- SUSE CVE CVE-2018-9269 page
- SUSE CVE CVE-2018-9270 page
- SUSE CVE CVE-2018-9271 page
- SUSE CVE CVE-2018-9272 page
- SUSE CVE CVE-2018-9273 page
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.
Затронутые продукты
Ссылки
- CVE-2018-9256
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.
Затронутые продукты
Ссылки
- CVE-2018-9259
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.
Затронутые продукты
Ссылки
- CVE-2018-9260
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.
Затронутые продукты
Ссылки
- CVE-2018-9261
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.
Затронутые продукты
Ссылки
- CVE-2018-9262
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.
Затронутые продукты
Ссылки
- CVE-2018-9263
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.
Затронутые продукты
Ссылки
- CVE-2018-9264
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9265
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9266
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9267
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9268
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9269
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9270
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9271
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9272
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9273
- SUSE Bug 1088200
Описание
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak.
Затронутые продукты
Ссылки
- CVE-2018-9274
- SUSE Bug 1088200