Описание
Security update for wireshark
This update for wireshark to version 2.4.13 fixes the following issues:
Security issues fixed:
- CVE-2019-9214: Avoided a dereference of a null coversation which could make RPCAP dissector crash (bsc#1127367).
- CVE-2019-9209: Fixed a buffer overflow in time values which could make ASN.1 BER and related dissectors crash (bsc#1127369).
- CVE-2019-9208: Fixed a null pointer dereference which could make TCAP dissector crash (bsc#1127370).
Release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.4.13.html
Список пакетов
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libwireshark9-2.4.13-48.42.1
libwiretap7-2.4.13-48.42.1
libwscodecs1-2.4.13-48.42.1
libwsutil8-2.4.13-48.42.1
wireshark-2.4.13-48.42.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libwireshark9-2.4.13-48.42.1
libwiretap7-2.4.13-48.42.1
libwscodecs1-2.4.13-48.42.1
libwsutil8-2.4.13-48.42.1
wireshark-2.4.13-48.42.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libwireshark9-2.4.13-48.42.1
libwiretap7-2.4.13-48.42.1
libwscodecs1-2.4.13-48.42.1
libwsutil8-2.4.13-48.42.1
wireshark-2.4.13-48.42.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libwireshark9-2.4.13-48.42.1
libwiretap7-2.4.13-48.42.1
libwscodecs1-2.4.13-48.42.1
libwsutil8-2.4.13-48.42.1
wireshark-2.4.13-48.42.1
SUSE Linux Enterprise Desktop 12 SP3
libwireshark9-2.4.13-48.42.1
libwiretap7-2.4.13-48.42.1
libwscodecs1-2.4.13-48.42.1
libwsutil8-2.4.13-48.42.1
wireshark-2.4.13-48.42.1
wireshark-gtk-2.4.13-48.42.1
SUSE Linux Enterprise Desktop 12 SP4
libwireshark9-2.4.13-48.42.1
libwiretap7-2.4.13-48.42.1
libwscodecs1-2.4.13-48.42.1
libwsutil8-2.4.13-48.42.1
wireshark-2.4.13-48.42.1
wireshark-gtk-2.4.13-48.42.1
SUSE Linux Enterprise Server 12 SP3
libwireshark9-2.4.13-48.42.1
libwiretap7-2.4.13-48.42.1
libwscodecs1-2.4.13-48.42.1
libwsutil8-2.4.13-48.42.1
wireshark-2.4.13-48.42.1
wireshark-gtk-2.4.13-48.42.1
SUSE Linux Enterprise Server 12 SP4
libwireshark9-2.4.13-48.42.1
libwiretap7-2.4.13-48.42.1
libwscodecs1-2.4.13-48.42.1
libwsutil8-2.4.13-48.42.1
wireshark-2.4.13-48.42.1
wireshark-gtk-2.4.13-48.42.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libwireshark9-2.4.13-48.42.1
libwiretap7-2.4.13-48.42.1
libwscodecs1-2.4.13-48.42.1
libwsutil8-2.4.13-48.42.1
wireshark-2.4.13-48.42.1
wireshark-gtk-2.4.13-48.42.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libwireshark9-2.4.13-48.42.1
libwiretap7-2.4.13-48.42.1
libwscodecs1-2.4.13-48.42.1
libwsutil8-2.4.13-48.42.1
wireshark-2.4.13-48.42.1
wireshark-gtk-2.4.13-48.42.1
SUSE Linux Enterprise Software Development Kit 12 SP3
wireshark-devel-2.4.13-48.42.1
SUSE Linux Enterprise Software Development Kit 12 SP4
wireshark-devel-2.4.13-48.42.1
Ссылки
- Link for SUSE-SU-2019:0688-1
- E-Mail link for SUSE-SU-2019:0688-1
- SUSE Security Ratings
- SUSE Bug 1127367
- SUSE Bug 1127369
- SUSE Bug 1127370
- SUSE CVE CVE-2019-9208 page
- SUSE CVE CVE-2019-9209 page
- SUSE CVE CVE-2019-9214 page
Описание
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.
Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libwireshark9-2.4.13-48.42.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libwiretap7-2.4.13-48.42.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libwscodecs1-2.4.13-48.42.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libwsutil8-2.4.13-48.42.1
Ссылки
- CVE-2019-9208
- SUSE Bug 1127370
Описание
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.
Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libwireshark9-2.4.13-48.42.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libwiretap7-2.4.13-48.42.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libwscodecs1-2.4.13-48.42.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libwsutil8-2.4.13-48.42.1
Ссылки
- CVE-2019-9209
- SUSE Bug 1127369
Описание
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.
Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libwireshark9-2.4.13-48.42.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libwiretap7-2.4.13-48.42.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libwscodecs1-2.4.13-48.42.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libwsutil8-2.4.13-48.42.1
Ссылки
- CVE-2019-9214
- SUSE Bug 1127367