Описание
Security update for wireshark
This update for wireshark fixes vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files (bsc#1094301).
This includes:
- CVE-2018-11356: DNS dissector crash
- CVE-2018-11357: Multiple dissectors could consume excessive memory
- CVE-2018-11358: Q.931 dissector crash
- CVE-2018-11359: The RRC dissector and other dissectors could crash
- CVE-2018-11360: GSM A DTAP dissector crash
- CVE-2018-11362: LDSS dissector crash
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Module for Desktop Applications 15
Ссылки
- Link for SUSE-SU-2018:1988-1
- E-Mail link for SUSE-SU-2018:1988-1
- SUSE Security Ratings
- SUSE Bug 1094301
- SUSE CVE CVE-2018-11356 page
- SUSE CVE CVE-2018-11357 page
- SUSE CVE CVE-2018-11358 page
- SUSE CVE CVE-2018-11359 page
- SUSE CVE CVE-2018-11360 page
- SUSE CVE CVE-2018-11362 page
Описание
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
Затронутые продукты
Ссылки
- CVE-2018-11356
- SUSE Bug 1094301
Описание
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
Затронутые продукты
Ссылки
- CVE-2018-11357
- SUSE Bug 1094301
Описание
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.
Затронутые продукты
Ссылки
- CVE-2018-11358
- SUSE Bug 1094301
Описание
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.
Затронутые продукты
Ссылки
- CVE-2018-11359
- SUSE Bug 1094301
Описание
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.
Затронутые продукты
Ссылки
- CVE-2018-11360
- SUSE Bug 1094301
Описание
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
Затронутые продукты
Ссылки
- CVE-2018-11362
- SUSE Bug 1094301