Description
Security update for wireshark
This update of wireshark to version 2.2.10 fixes multiple minor security issues.
These vulnerabilities could be used to trigger dissector crashes or infinite loops by making Wireshark read specially crafted packets from the network or a capture file:
- CVE-2017-15192: BT ATT dissector crash
- CVE-2017-15193: MBIM dissector crash
- CVE-2017-15191: DMP dissector crash
Package list
openSUSE Leap 42.2
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2017:2730-1
- SUSE Security Ratings
Description
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
Affected products
References
- CVE-2017-15191
- SUSE Bug 1062645
- SUSE Bug 983671
Description
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.
Affected products
References
- CVE-2017-15192
- SUSE Bug 1062645
- SUSE Bug 983671
Description
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.
Affected products
References
- CVE-2017-15193
- SUSE Bug 1062645
- SUSE Bug 983671