SUSE-SU-2018:3590-2

Опубликовано: 05 дек. 2018

Источник: suse-cvrf

Описание

Security update for wireshark

This update for wireshark fixes the following issues:

Wireshark was updated to 2.4.10 (bsc#1111647).

Following security issues were fixed:

CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47)
CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50)

Further bug fixes and updated protocol support that were done are listed in:

https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html

Список пакетов

SUSE Linux Enterprise Desktop 12 SP4

libwireshark9-2.4.10-48.32.1

libwiretap7-2.4.10-48.32.1

libwscodecs1-2.4.10-48.32.1

libwsutil8-2.4.10-48.32.1

wireshark-2.4.10-48.32.1

wireshark-gtk-2.4.10-48.32.1

SUSE Linux Enterprise Server 12 SP4

libwireshark9-2.4.10-48.32.1

libwiretap7-2.4.10-48.32.1

libwscodecs1-2.4.10-48.32.1

libwsutil8-2.4.10-48.32.1

wireshark-2.4.10-48.32.1

wireshark-gtk-2.4.10-48.32.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libwireshark9-2.4.10-48.32.1

libwiretap7-2.4.10-48.32.1

libwscodecs1-2.4.10-48.32.1

libwsutil8-2.4.10-48.32.1

wireshark-2.4.10-48.32.1

wireshark-gtk-2.4.10-48.32.1

SUSE Linux Enterprise Software Development Kit 12 SP4

wireshark-devel-2.4.10-48.32.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20183590-2/
Link for SUSE-SU-2018:3590-2
https://lists.suse.com/pipermail/sle-security-updates/2018-December/004919.html
E-Mail link for SUSE-SU-2018:3590-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1111647
SUSE Bug 1111647
https://www.suse.com/security/cve/CVE-2018-12086/
SUSE CVE CVE-2018-12086 page
https://www.suse.com/security/cve/CVE-2018-18227/
SUSE CVE CVE-2018-18227 page

Описание

Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP4:libwireshark9-2.4.10-48.32.1

SUSE Linux Enterprise Desktop 12 SP4:libwiretap7-2.4.10-48.32.1

SUSE Linux Enterprise Desktop 12 SP4:libwscodecs1-2.4.10-48.32.1

SUSE Linux Enterprise Desktop 12 SP4:libwsutil8-2.4.10-48.32.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-12086.html
CVE-2018-12086
https://bugzilla.suse.com/1111647
SUSE Bug 1111647

Описание

In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP4:libwireshark9-2.4.10-48.32.1

SUSE Linux Enterprise Desktop 12 SP4:libwiretap7-2.4.10-48.32.1

SUSE Linux Enterprise Desktop 12 SP4:libwscodecs1-2.4.10-48.32.1

SUSE Linux Enterprise Desktop 12 SP4:libwsutil8-2.4.10-48.32.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-18227.html
CVE-2018-18227
https://bugzilla.suse.com/1111647
SUSE Bug 1111647

SUSE-SU-2018:3590-2

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP4

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP4

Ссылки

Уязвимость: CVE-2018-12086

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-18227

Описание

Затронутые продукты

Ссылки