Description
Security update for Wireshark
This update to Wireshark 2.2.4 fixes two minor vulnerabilities that could be used to cause Wireshark to go into a large or infinite loop via specially crafted packets sent over the network or placed in a capture file. (bsc#1021739)
- CVE-2017-5596: The ASTERIX dissector could go into an infinite loop (wnpa-sec-2017-01)
- CVE-2017-5597: The DHCPv6 dissector could go into a large loop (wnpa-sec-2017-02)
- Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.4.html
Package list
openSUSE Leap 42.2
References
- E-Mail link for openSUSE-SU-2017:0364-1
- SUSE Security Ratings
Description
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow.
Affected products
References
- CVE-2017-5596
- SUSE Bug 1021739
Description
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow.
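An added illustration of the bug class that both the ASTERIX and DHCPv6 descriptions name, not Wireshark's code: the page does not say which variable was widened, so the record layout, the 8-bit offset and the function names below are assumptions. A loop offset held in a type too narrow for the buffer wraps around and never reaches the end; the widened version terminates and also stops on a truncated record.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_STEPS 100000L /* demo guard so the buggy walker returns */

/* Hypothetical record stream: [len:1 byte][payload:len bytes]...
 * Each walker returns the number of records visited, or -1 if the
 * guard tripped (i.e. the loop would not have ended on its own). */

/* Before: offset is 8 bits wide, so it wraps modulo 256 and can
 * never reach a buflen above 255. */
static long walk_narrow(const uint8_t *buf, size_t buflen)
{
    uint8_t offset = 0;
    long steps = 0;
    while (offset < buflen) {
        offset = (uint8_t)(offset + 1 + buf[offset]); /* wraps */
        if (++steps > MAX_STEPS)
            return -1;
    }
    return steps;
}

/* After: offset is as wide as the buffer length, and a record that
 * claims more bytes than remain ends the walk. */
static long walk_wide(const uint8_t *buf, size_t buflen)
{
    size_t offset = 0;
    long steps = 0;
    while (offset < buflen) {
        size_t len = buf[offset];
        if (len > buflen - offset - 1)
            break; /* truncated record */
        offset += 1 + len;
        steps++;
    }
    return steps;
}

int main(void)
{
    uint8_t buf[512]; /* constructed input: 32 records of 16 bytes */
    memset(buf, 15, sizeof buf);
    printf("narrow, 64 bytes:  %ld\n", walk_narrow(buf, 64));
    printf("narrow, 512 bytes: %ld\n", walk_narrow(buf, sizeof buf));
    printf("wide,   512 bytes: %ld\n", walk_wide(buf, sizeof buf));
    return 0;
}
```

The narrow walker behaves correctly on inputs of 255 bytes or fewer, which is why this kind of defect tends to survive ordinary testing and only shows up on crafted or malformed input.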
Affected products
References
- CVE-2017-5597
- SUSE Bug 1021739