Description
Security update for wireshark
This update for wireshark fixes the following issues:
Minor vulnerabilities that could be used to trigger dissector crashes or cause excessive memory use by making Wireshark read specially crafted packets from the network or from capture files (boo#1094301):
- CVE-2018-11356: DNS dissector crash
- CVE-2018-11357: Multiple dissectors could consume excessive memory
- CVE-2018-11358: Q.931 dissector crash
- CVE-2018-11359: The RRC dissector and other dissectors could crash
- CVE-2018-11360: GSM A DTAP dissector crash
- CVE-2018-11362: LDSS dissector crash
This update to version 2.4.7 also contains bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.7.html
Package list
openSUSE Leap 15.0
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2018:1428-1
- SUSE Security Ratings
Description
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
Affected products
References
- CVE-2018-11356
- SUSE Bug 1094301
Description
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
Affected products
References
- CVE-2018-11357
- SUSE Bug 1094301
Description
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.
Affected products
References
- CVE-2018-11358
- SUSE Bug 1094301
Description
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.
Affected products
References
- CVE-2018-11359
- SUSE Bug 1094301
Description
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.
Affected products
References
- CVE-2018-11360
- SUSE Bug 1094301
Description
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
Affected products
References
- CVE-2018-11362
- SUSE Bug 1094301