Описание
Security update for wireshark
This update for wireshark fixes the following issues:
Wireshark was updated to 2.4.10 (bsc#1111647).
Following security issues were fixed:
- CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47)
- CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50)
Further bug fixes and updated protocol support that were done are listed in:
https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
libwireshark9-2.4.10-3.12.2
libwiretap7-2.4.10-3.12.2
libwscodecs1-2.4.10-3.12.2
libwsutil8-2.4.10-3.12.2
wireshark-2.4.10-3.12.2
SUSE Linux Enterprise Module for Desktop Applications 15
wireshark-devel-2.4.10-3.12.2
wireshark-ui-qt-2.4.10-3.12.2
Ссылки
- Link for SUSE-SU-2018:3282-1
- E-Mail link for SUSE-SU-2018:3282-1
- SUSE Security Ratings
- SUSE Bug 1111647
- SUSE CVE CVE-2018-12086 page
- SUSE CVE CVE-2018-18227 page
Описание
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:libwireshark9-2.4.10-3.12.2
SUSE Linux Enterprise Module for Basesystem 15:libwiretap7-2.4.10-3.12.2
SUSE Linux Enterprise Module for Basesystem 15:libwscodecs1-2.4.10-3.12.2
SUSE Linux Enterprise Module for Basesystem 15:libwsutil8-2.4.10-3.12.2
Ссылки
- CVE-2018-12086
- SUSE Bug 1111647
Описание
In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:libwireshark9-2.4.10-3.12.2
SUSE Linux Enterprise Module for Basesystem 15:libwiretap7-2.4.10-3.12.2
SUSE Linux Enterprise Module for Basesystem 15:libwscodecs1-2.4.10-3.12.2
SUSE Linux Enterprise Module for Basesystem 15:libwsutil8-2.4.10-3.12.2
Ссылки
- CVE-2018-18227
- SUSE Bug 1111647