Description
Security update for wireshark
This update for wireshark fixes a number of security issues.
Issues in protocol dissectors could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packets inserted into the network or a capture file.
- CVE-2016-5350: The SPOOLS dissector could go into an infinite loop
- CVE-2016-5351: The IEEE 802.11 dissector could crash
- CVE-2016-5353: The UMTS FP dissector could crash
- CVE-2016-5354: Some USB dissectors could crash
- CVE-2016-5355: The Toshiba file parser could crash
- CVE-2016-5356: The CoSine file parser could crash
- CVE-2016-5357: The NetScreen file parser could crash
- CVE-2016-5358: The Ethernet dissector could crash
Package list
openSUSE Leap 42.1
References
- E-Mail link for openSUSE-SU-2016:1612-1
- SUSE Security Ratings
Description
epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Affected products
References
- CVE-2016-5350
- SUSE Bug 983671
Description
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Affected products
References
- CVE-2016-5351
- SUSE Bug 983671
Description
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Affected products
References
- CVE-2016-5353
- SUSE Bug 983671
Description
The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Affected products
References
- CVE-2016-5354
- SUSE Bug 983671
Description
wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Affected products
References
- CVE-2016-5355
- SUSE Bug 983671
Description
wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Affected products
References
- CVE-2016-5356
- SUSE Bug 983671
Description
wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Affected products
References
- CVE-2016-5357
- SUSE Bug 983671
Description
epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Affected products
References
- CVE-2016-5358
- SUSE Bug 983671