openSUSE-SU-2017:1534-1

Published: 12 Jun 2017
Source: suse-cvrf

Description

Security update for wireshark

This update for wireshark fixes minor vulnerabilities that could be used to trigger dissector crashes or infinite loops, or to cause excessive CPU use, by making Wireshark read specially crafted packets from the network or from a capture file:

  • CVE-2017-9352: Bazaar dissector infinite loop (boo#1042304)
  • CVE-2017-9348: DOF dissector read overflow (boo#1042303)
  • CVE-2017-9351: DHCP dissector read overflow (boo#1042302)
  • CVE-2017-9346: SoulSeek dissector infinite loop (boo#1042301)
  • CVE-2017-9345: DNS dissector infinite loop (boo#1042300)
  • CVE-2017-9349: DICOM dissector infinite loop (boo#1042305)
  • CVE-2017-9350: openSAFETY dissector memory exhaustion (boo#1042299)
  • CVE-2017-9344: BT L2CAP dissector divide by zero (boo#1042298)
  • CVE-2017-9343: MSNIP dissector crash (boo#1042309)
  • CVE-2017-9347: ROS dissector crash (boo#1042308)
  • CVE-2017-9354: RGMP dissector crash (boo#1042307)
  • CVE-2017-9353: IPv6 dissector crash (boo#1042306)

Package list

openSUSE Leap 42.2
wireshark-2.2.7-14.6.1
wireshark-devel-2.2.7-14.6.1
wireshark-ui-gtk-2.2.7-14.6.1
wireshark-ui-qt-2.2.7-14.6.1

Description

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.


Affected products
openSUSE Leap 42.2:wireshark-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-devel-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.7-14.6.1

Description

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.


Affected products
openSUSE Leap 42.2:wireshark-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-devel-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.7-14.6.1

Description

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.


Affected products
openSUSE Leap 42.2:wireshark-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-devel-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.7-14.6.1

Description

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.


Affected products
openSUSE Leap 42.2:wireshark-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-devel-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.7-14.6.1

Description

In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.


Affected products
openSUSE Leap 42.2:wireshark-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-devel-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.7-14.6.1

Description

In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.


Affected products
openSUSE Leap 42.2:wireshark-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-devel-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.7-14.6.1

Description

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value.


Affected products
openSUSE Leap 42.2:wireshark-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-devel-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.7-14.6.1

Description

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.


Affected products
openSUSE Leap 42.2:wireshark-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-devel-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.7-14.6.1

Description

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.


Affected products
openSUSE Leap 42.2:wireshark-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-devel-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.7-14.6.1

Description

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.


Affected products
openSUSE Leap 42.2:wireshark-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-devel-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.7-14.6.1

Description

In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.


Affected products
openSUSE Leap 42.2:wireshark-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-devel-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.7-14.6.1

Description

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.


Affected products
openSUSE Leap 42.2:wireshark-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-devel-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.7-14.6.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.7-14.6.1
