Description
Security update for wireshark
This update for wireshark fixes the following issues:
Update to Wireshark 3.6.15:
- Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.15.html
Security fixes:
- CVE-2023-0667: Fixed failure to validate MS-MMS packet length (bsc#1212084).
- CVE-2023-0668: Fixed IEEE C37.118 Synchrophasor dissector crash (bsc#1211710).
- CVE-2023-2855: Fixed Candump log file parser crash (bsc#1211703).
- CVE-2023-2856: Fixed VMS TCPIPtrace file parser crash (bsc#1211707).
- CVE-2023-2857: Fixed BLF file parser crash (bsc#1211705).
- CVE-2023-2858: Fixed NetScaler file parser crash (bsc#1211706).
- CVE-2023-2879: Fixed GDSDB dissector infinite loop (bsc#1211793).
- CVE-2023-2952: Fixed XRA dissector infinite loop (bsc#1211844).
- CVE-2023-3648: Fixed Kafka dissector crash (bsc#1213319).
Package list
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP4-SAP-Azure-LI-BYOS
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
Image SLES15-SP4-SAP-Azure-VLI-BYOS
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP5-SAP-Azure-LI-BYOS
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
Image SLES15-SP5-SAP-Azure-VLI-BYOS
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise Module for Basesystem 15 SP4
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
SUSE Linux Enterprise Real Time 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.4
openSUSE Leap 15.5
References
- Link for SUSE-SU-2023:3252-1
- E-Mail link for SUSE-SU-2023:3252-1
- SUSE Security Ratings
- SUSE Bug 1211703
- SUSE Bug 1211705
- SUSE Bug 1211706
- SUSE Bug 1211707
- SUSE Bug 1211710
- SUSE Bug 1211793
- SUSE Bug 1211844
- SUSE Bug 1212084
- SUSE Bug 1213319
- SUSE CVE CVE-2023-0667 page
- SUSE CVE CVE-2023-0668 page
- SUSE CVE CVE-2023-2855 page
- SUSE CVE CVE-2023-2856 page
- SUSE CVE CVE-2023-2857 page
- SUSE CVE CVE-2023-2858 page
- SUSE CVE CVE-2023-2879 page
- SUSE CVE CVE-2023-2952 page
Description
Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Affected products
References
- CVE-2023-0667
- SUSE Bug 1212084
Description
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Affected products
References
- CVE-2023-0668
- SUSE Bug 1211710
Description
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
Affected products
References
- CVE-2023-2855
- SUSE Bug 1211703
Description
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
Affected products
References
- CVE-2023-2856
- SUSE Bug 1211707
Description
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
Affected products
References
- CVE-2023-2857
- SUSE Bug 1211705
Description
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
Affected products
References
- CVE-2023-2858
- SUSE Bug 1211706
Description
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
Affected products
References
- CVE-2023-2879
- SUSE Bug 1211793
Description
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
Affected products
References
- CVE-2023-2952
- SUSE Bug 1211844
Description
Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file
Affected products
References
- CVE-2023-3648
- SUSE Bug 1213319