Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2020:1882-1

Опубликовано: 09 нояб. 2020
Источник: suse-cvrf

Описание

Security update for wireshark

This update for wireshark fixes the following issues:

  • Update to wireshark 3.2.7:
    • CVE-2020-25863: MIME Multipart dissector crash (bsc#1176908)
    • CVE-2020-25862: TCP dissector crash (bsc#1176909)
    • CVE-2020-25866: BLIP dissector crash (bsc#1176910)
    • CVE-2020-17498: Kafka dissector crash (bsc#1175204)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.2
libwireshark13-3.2.7-lp152.2.6.1
libwiretap10-3.2.7-lp152.2.6.1
libwsutil11-3.2.7-lp152.2.6.1
wireshark-3.2.7-lp152.2.6.1
wireshark-devel-3.2.7-lp152.2.6.1
wireshark-ui-qt-3.2.7-lp152.2.6.1

Ссылки

Описание

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.

Затронутые продукты
openSUSE Leap 15.2:libwireshark13-3.2.7-lp152.2.6.1
openSUSE Leap 15.2:libwiretap10-3.2.7-lp152.2.6.1
openSUSE Leap 15.2:libwsutil11-3.2.7-lp152.2.6.1
openSUSE Leap 15.2:wireshark-3.2.7-lp152.2.6.1
Ссылки

Описание

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.

Затронутые продукты
openSUSE Leap 15.2:libwireshark13-3.2.7-lp152.2.6.1
openSUSE Leap 15.2:libwiretap10-3.2.7-lp152.2.6.1
openSUSE Leap 15.2:libwsutil11-3.2.7-lp152.2.6.1
openSUSE Leap 15.2:wireshark-3.2.7-lp152.2.6.1
Ссылки

Описание

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.

Затронутые продукты
openSUSE Leap 15.2:libwireshark13-3.2.7-lp152.2.6.1
openSUSE Leap 15.2:libwiretap10-3.2.7-lp152.2.6.1
openSUSE Leap 15.2:libwsutil11-3.2.7-lp152.2.6.1
openSUSE Leap 15.2:wireshark-3.2.7-lp152.2.6.1
Ссылки

Описание

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.

Затронутые продукты
openSUSE Leap 15.2:libwireshark13-3.2.7-lp152.2.6.1
openSUSE Leap 15.2:libwiretap10-3.2.7-lp152.2.6.1
openSUSE Leap 15.2:libwsutil11-3.2.7-lp152.2.6.1
openSUSE Leap 15.2:wireshark-3.2.7-lp152.2.6.1
Ссылки
Уязвимость openSUSE-SU-2020:1882-1