Описание
Security update for wireshark
This update for wireshark to version 2.2.9 fixes the following issues:
Minor vulnerabilities that could be used to trigger dissector crashes, infinite loops, or cause excessive use of memory resources by making Wireshark read specially crafted packages from the network or a capture file:
- CVE-2017-13767: MSDP dissector infinite loop (boo#1056248)
- CVE-2017-13766: Profinet I/O buffer overrun (boo#1056249)
- CVE-2017-13765: IrCOMM dissector buffer overrun (boo#1056251)
- Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.9.html
Список пакетов
openSUSE Leap 42.2
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2017:2349-1
- SUSE Security Ratings
Описание
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
Затронутые продукты
Ссылки
- CVE-2017-13765
- SUSE Bug 1056251
Описание
In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.
Затронутые продукты
Ссылки
- CVE-2017-13766
- SUSE Bug 1056249
Описание
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.
Затронутые продукты
Ссылки
- CVE-2017-13767
- SUSE Bug 1056248