Описание
Security update for wireshark
This update for wireshark fixes the following issues:
- Wireshark to 3.2.5:
- CVE-2020-15466: GVCP dissector infinite loop (bsc#1173606)
- CVE-2020-13164: NFS dissector crash (bsc#1171899)
- CVE-2020-11647: The BACapp dissector could crash (bsc#1169063)
- Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.2.5.html
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.2
Ссылки
- E-Mail link for openSUSE-SU-2020:1199-1
- SUSE Security Ratings
- SUSE Bug 1169063
- SUSE Bug 1171899
- SUSE Bug 1173606
- SUSE CVE CVE-2020-11647 page
- SUSE CVE CVE-2020-13164 page
- SUSE CVE CVE-2020-15466 page
Описание
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.
Затронутые продукты
Ссылки
- CVE-2020-11647
- SUSE Bug 1169063
Описание
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.
Затронутые продукты
Ссылки
- CVE-2020-13164
- SUSE Bug 1171899
Описание
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
Затронутые продукты
Ссылки
- CVE-2020-15466
- SUSE Bug 1173606