Описание
Security update for wireshark
This update for wireshark fixes the following issues:
Wireshark was updated to 2.4.10 (bsc#1111647).
Following security issues were fixed:
- CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47)
- CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50)
Further bug fixes and updated protocol support that were done are listed in:
https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
libwireshark9-2.4.10-lp150.2.13.1
libwiretap7-2.4.10-lp150.2.13.1
libwscodecs1-2.4.10-lp150.2.13.1
libwsutil8-2.4.10-lp150.2.13.1
wireshark-2.4.10-lp150.2.13.1
wireshark-devel-2.4.10-lp150.2.13.1
wireshark-ui-qt-2.4.10-lp150.2.13.1
Ссылки
- E-Mail link for openSUSE-SU-2018:3368-1
- SUSE Security Ratings
Описание
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
Затронутые продукты
openSUSE Leap 15.0:libwireshark9-2.4.10-lp150.2.13.1
openSUSE Leap 15.0:libwiretap7-2.4.10-lp150.2.13.1
openSUSE Leap 15.0:libwscodecs1-2.4.10-lp150.2.13.1
openSUSE Leap 15.0:libwsutil8-2.4.10-lp150.2.13.1
Ссылки
- CVE-2018-12086
- SUSE Bug 1111647
Описание
In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.
Затронутые продукты
openSUSE Leap 15.0:libwireshark9-2.4.10-lp150.2.13.1
openSUSE Leap 15.0:libwiretap7-2.4.10-lp150.2.13.1
openSUSE Leap 15.0:libwscodecs1-2.4.10-lp150.2.13.1
openSUSE Leap 15.0:libwsutil8-2.4.10-lp150.2.13.1
Ссылки
- CVE-2018-18227
- SUSE Bug 1111647