
openSUSE-SU-2018:0899-1

Published: 07 Apr 2018
Source: suse-cvrf

Description

Security update for wireshark

This update for wireshark fixes the following issues:

Minor vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packets from the network or capture files (boo#1088200):

  • CVE-2018-9264: ADB dissector crash
  • CVE-2018-9260: IEEE 802.15.4 dissector crash
  • CVE-2018-9261: NBAP dissector crash
  • CVE-2018-9262: VLAN dissector crash
  • CVE-2018-9256: LWAPP dissector crash
  • CVE-2018-9263: Kerberos dissector crash
  • CVE-2018-9259: MP4 dissector crash
  • Memory leaks in multiple dissectors: CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274

This update also contains all upstream bug fixes and updated protocol support as listed in:

https://www.wireshark.org/docs/relnotes/wireshark-2.2.14.html

Package list

openSUSE Leap 42.3
wireshark-2.2.14-38.1
wireshark-devel-2.2.14-38.1
wireshark-ui-gtk-2.2.14-38.1
wireshark-ui-qt-2.2.14-38.1

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak.


Affected products
openSUSE Leap 42.3:wireshark-2.2.14-38.1
openSUSE Leap 42.3:wireshark-devel-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-gtk-2.2.14-38.1
openSUSE Leap 42.3:wireshark-ui-qt-2.2.14-38.1

References
Vulnerability openSUSE-SU-2018:0899-1