Описание
Security update for wireshark
This update for wireshark fixes the following issues:
Security issues fixed:
- CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777)
- CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788)
- CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804)
- CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786)
- CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810)
- CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776)
- CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794)
- CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800)
- CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791)
- CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802)
Bug fixes:
- Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.8.html
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Module for Desktop Applications 15
Ссылки
- Link for SUSE-SU-2018:2301-1
- E-Mail link for SUSE-SU-2018:2301-1
- SUSE Security Ratings
- SUSE Bug 1101776
- SUSE Bug 1101777
- SUSE Bug 1101786
- SUSE Bug 1101788
- SUSE Bug 1101791
- SUSE Bug 1101794
- SUSE Bug 1101800
- SUSE Bug 1101802
- SUSE Bug 1101804
- SUSE Bug 1101810
- SUSE CVE CVE-2018-14339 page
- SUSE CVE CVE-2018-14340 page
- SUSE CVE CVE-2018-14341 page
- SUSE CVE CVE-2018-14342 page
- SUSE CVE CVE-2018-14343 page
- SUSE CVE CVE-2018-14344 page
- SUSE CVE CVE-2018-14367 page
Описание
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
Затронутые продукты
Ссылки
- CVE-2018-14339
- SUSE Bug 1101810
Описание
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
Затронутые продукты
Ссылки
- CVE-2018-14340
- SUSE Bug 1101804
Описание
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
Затронутые продукты
Ссылки
- CVE-2018-14341
- SUSE Bug 1101776
Описание
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
Затронутые продукты
Ссылки
- CVE-2018-14342
- SUSE Bug 1101777
Описание
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.
Затронутые продукты
Ссылки
- CVE-2018-14343
- SUSE Bug 1101786
Описание
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.
Затронутые продукты
Ссылки
- CVE-2018-14344
- SUSE Bug 1101788
Описание
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.
Затронутые продукты
Ссылки
- CVE-2018-14367
- SUSE Bug 1101791
Описание
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.
Затронутые продукты
Ссылки
- CVE-2018-14368
- SUSE Bug 1101794
Описание
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.
Затронутые продукты
Ссылки
- CVE-2018-14369
- SUSE Bug 1101800
Описание
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.
Затронутые продукты
Ссылки
- CVE-2018-14370
- SUSE Bug 1101802