Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:3166-1

Опубликовано: 05 нояб. 2020
Источник: suse-cvrf

Описание

Security update for wireshark

This update for wireshark fixes the following issues:

  • Update to wireshark 3.2.7:
    • CVE-2020-25863: MIME Multipart dissector crash (bsc#1176908)
    • CVE-2020-25862: TCP dissector crash (bsc#1176909)
    • CVE-2020-25866: BLIP dissector crash (bsc#1176910)
    • CVE-2020-17498: Kafka dissector crash (bsc#1175204)

Список пакетов

Image SLES15-SAP-Azure-LI-BYOS-Production
wireshark-3.2.7-3.41.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
wireshark-3.2.7-3.41.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
wireshark-3.2.7-3.41.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
wireshark-3.2.7-3.41.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
wireshark-3.2.7-3.41.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
wireshark-3.2.7-3.41.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
wireshark-3.2.7-3.41.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
wireshark-3.2.7-3.41.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
wireshark-3.2.7-3.41.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
wireshark-3.2.7-3.41.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
wireshark-3.2.7-3.41.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
wireshark-3.2.7-3.41.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
wireshark-3.2.7-3.41.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
wireshark-3.2.7-3.41.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
wireshark-3.2.7-3.41.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
wireshark-3.2.7-3.41.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
libwireshark13-3.2.7-3.41.1
libwiretap10-3.2.7-3.41.1
libwsutil11-3.2.7-3.41.1
wireshark-3.2.7-3.41.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
libwireshark13-3.2.7-3.41.1
libwiretap10-3.2.7-3.41.1
libwsutil11-3.2.7-3.41.1
wireshark-3.2.7-3.41.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
wireshark-devel-3.2.7-3.41.1
wireshark-ui-qt-3.2.7-3.41.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
wireshark-devel-3.2.7-3.41.1
wireshark-ui-qt-3.2.7-3.41.1

Ссылки

Описание

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.

Затронутые продукты
Image SLES15-SAP-Azure-LI-BYOS-Production:wireshark-3.2.7-3.41.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:wireshark-3.2.7-3.41.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:wireshark-3.2.7-3.41.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:wireshark-3.2.7-3.41.1
Ссылки

Описание

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.

Затронутые продукты
Image SLES15-SAP-Azure-LI-BYOS-Production:wireshark-3.2.7-3.41.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:wireshark-3.2.7-3.41.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:wireshark-3.2.7-3.41.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:wireshark-3.2.7-3.41.1
Ссылки

Описание

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.

Затронутые продукты
Image SLES15-SAP-Azure-LI-BYOS-Production:wireshark-3.2.7-3.41.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:wireshark-3.2.7-3.41.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:wireshark-3.2.7-3.41.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:wireshark-3.2.7-3.41.1
Ссылки

Описание

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.

Затронутые продукты
Image SLES15-SAP-Azure-LI-BYOS-Production:wireshark-3.2.7-3.41.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:wireshark-3.2.7-3.41.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:wireshark-3.2.7-3.41.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:wireshark-3.2.7-3.41.1
Ссылки