openSUSE-SU-2017:1087-1

Published: 21 Apr 2017
Source: suse-cvrf

Description

Security update for wireshark

This update to Wireshark 2.2.6 fixes minor vulnerabilities that could be used to trigger dissector crashes or infinite loops by sending specially crafted packets over the network or by supplying a malformed capture file:

  • CVE-2017-7700: NetScaler file parser infinite loop (boo#1033936)
  • CVE-2017-7701: BGP dissector infinite loop (boo#1033937)
  • CVE-2017-7702: WBXML dissector infinite loop (boo#1033938)
  • CVE-2017-7703: IMAP dissector crash (boo#1033939)
  • CVE-2017-7704: DOF dissector infinite loop (boo#1033940)
  • CVE-2017-7705: RPCoRDMA dissector infinite loop (boo#1033941)
  • CVE-2017-7745: SIGCOMP dissector infinite loop (boo#1033942)
  • CVE-2017-7746: SLSK dissector long loop (boo#1033943)
  • CVE-2017-7747: PacketBB dissector crash (boo#1033944)
  • CVE-2017-7748: WSP dissector infinite loop (boo#1033945)

Package list

openSUSE Leap 42.2
wireshark-2.2.6-14.3.1
wireshark-devel-2.2.6-14.3.1
wireshark-ui-gtk-2.2.6-14.3.1
wireshark-ui-qt-2.2.6-14.3.1

Description

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.


Affected products
openSUSE Leap 42.2:wireshark-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1

Description

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.


Affected products
openSUSE Leap 42.2:wireshark-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1

Description

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.


Affected products
openSUSE Leap 42.2:wireshark-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1

Description

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.


Affected products
openSUSE Leap 42.2:wireshark-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1

Description

In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.


Affected products
openSUSE Leap 42.2:wireshark-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1

Description

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.


Affected products
openSUSE Leap 42.2:wireshark-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1

Description

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.


Affected products
openSUSE Leap 42.2:wireshark-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1

Description

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.


Affected products
openSUSE Leap 42.2:wireshark-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1

Description

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.


Affected products
openSUSE Leap 42.2:wireshark-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1

Description

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check.


Affected products
openSUSE Leap 42.2:wireshark-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1
