Description
Security update for wireshark
This update for wireshark to version 2.2.12 fixes the following issues:
- CVE-2018-5334: IxVeriWave file could crash (boo#1075737)
- CVE-2018-5335: WCP dissector could crash (boo#1075738)
- CVE-2018-5336: Multiple dissector crashes (boo#1075739)
- CVE-2017-17997: MRDISC dissector could crash (boo#1074171)
This release no longer enables the Linux kernel BPF JIT compiler via the net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable to Spectre variant 1, CVE-2017-5753 (boo#1075748)
Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html
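To confirm after the update that no sysctl configuration still turns the BPF JIT on, a check like the following can be run. It is an added example, not part of the advisory or the wireshark package; the function name and the directories in the usage comment (the standard sysctl.d locations) are assumptions, not paths taken from the advisory.

```shell
# Added example: report sysctl configuration lines that enable the BPF JIT.
# Usage (assumed standard locations, run as root if files are restricted):
#   bpf_jit_settings /etc/sysctl.conf /etc/sysctl.d /usr/lib/sysctl.d /run/sysctl.d
# Prints "file:line: text" for every active setting of
# net.core.bpf_jit_enable whose value is not 0 (1 = on, 2 = on with debug).
bpf_jit_settings() {
    for p in "$@"; do
        # Skip locations that do not exist on this system.
        [ -e "$p" ] || continue
        find "$p" -maxdepth 1 -type f -name '*.conf' -exec awk '
            /^[ \t]*[#;]/ { next }              # comment lines
            {
                line = $0
                gsub(/[ \t]/, "", line)         # sysctl ignores blanks around "="
                sub(/^-/, "", line)             # leading "-" means "ignore errors"
                n = index(line, "=")
                if (n == 0) next
                key = substr(line, 1, n - 1)
                val = substr(line, n + 1)
                gsub("/", ".", key)             # net/core/... is an accepted spelling
                if (key == "net.core.bpf_jit_enable" && val != "0")
                    printf "%s:%d: %s\n", FILENAME, FNR, $0
            }' {} +
    done
}
```

The configuration files only show what is applied at boot; the live value is visible with `sysctl net.core.bpf_jit_enable`.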
Package list
openSUSE Leap 42.2
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2018:0090-1
- SUSE Security Ratings
Description
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
Affected products
References
- CVE-2017-17997
- SUSE Bug 1077080
Description
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.
Affected products
References
- CVE-2018-5334
- SUSE Bug 1075737
Description
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.
Affected products
References
- CVE-2018-5335
- SUSE Bug 1075738
Description
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.
Affected products
References
- CVE-2018-5336
- SUSE Bug 1075739