Описание
Security update for wireshark
This update for wireshark to version 2.2.11 fixes the following issues:
Minor vulnerabilities that could be used to trigger dissector crashes by making Wireshark read specially crafted packages from the network or capture files (boo#1070727):
- CVE-2017-17084: IWARP_MPA dissector crash (wnpa-sec-2017-47)
- CVE-2017-17083: NetBIOS dissector crash (wnpa-sec-2017-48)
- CVE-2017-17085: CIP Safety dissector crash (wnpa-sec-2017-49)
This update also fixes further bugs and updates protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.11.html
Список пакетов
openSUSE Leap 42.2
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2017:3202-1
- SUSE Security Ratings
Описание
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.
Затронутые продукты
Ссылки
- CVE-2017-17083
- SUSE Bug 1070727
Описание
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.
Затронутые продукты
Ссылки
- CVE-2017-17084
- SUSE Bug 1070727
Описание
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
Затронутые продукты
Ссылки
- CVE-2017-17085
- SUSE Bug 1070727