Описание
Security update for wireshark
This update for wireshark fixes the following issues:
- wireshark was updated to 3.2.8:
- CVE-2020-26575: Fixed an issue where FBZERO dissector was entering in infinite loop (bsc#1177406)
- CVE-2020-28030: Fixed an issue where GQUIC dissector was crashing (bsc#1178291)
- Infinite memory allocation while parsing this tcp packet
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.2
libwireshark13-3.2.8-lp152.2.9.1
libwiretap10-3.2.8-lp152.2.9.1
libwsutil11-3.2.8-lp152.2.9.1
wireshark-3.2.8-lp152.2.9.1
wireshark-devel-3.2.8-lp152.2.9.1
wireshark-ui-qt-3.2.8-lp152.2.9.1
Ссылки
- E-Mail link for openSUSE-SU-2020:2076-1
- SUSE Security Ratings
- SUSE Bug 1177406
- SUSE Bug 1178291
- SUSE CVE CVE-2020-26575 page
- SUSE CVE CVE-2020-28030 page
Описание
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
Затронутые продукты
openSUSE Leap 15.2:libwireshark13-3.2.8-lp152.2.9.1
openSUSE Leap 15.2:libwiretap10-3.2.8-lp152.2.9.1
openSUSE Leap 15.2:libwsutil11-3.2.8-lp152.2.9.1
openSUSE Leap 15.2:wireshark-3.2.8-lp152.2.9.1
Ссылки
- CVE-2020-26575
- SUSE Bug 1177406
- SUSE Bug 1178290
Описание
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.
Затронутые продукты
openSUSE Leap 15.2:libwireshark13-3.2.8-lp152.2.9.1
openSUSE Leap 15.2:libwiretap10-3.2.8-lp152.2.9.1
openSUSE Leap 15.2:libwsutil11-3.2.8-lp152.2.9.1
openSUSE Leap 15.2:wireshark-3.2.8-lp152.2.9.1
Ссылки
- CVE-2020-28030
- SUSE Bug 1178291