Security update for wireshark SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0489-1 Final 1 1 2015-03-05T10:47:20Z current 2015-03-05T10:47:20Z 2015-03-05T10:47:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark Wireshark was updated to 1.10.13 on openSUSE 13.1 to fix bugs and security issues. Wireshark was updated to 1.12.4 on openSUSE 13.2 to fix bugs and security issues. The following security issues were fixed in 1.10.13: * The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] * The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] * The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.13.html The following security issues were fixed in 1.12.4: - The following security issues were fixed: * The ATN-CPDLC dissector could crash. wnpa-sec-2015-06 CVE-2015-2187 [bnc#920695] * The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] * The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] * The LLDP dissector could crash. wnpa-sec-2015-09 CVE-2015-2190 [bnc#920698] * The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] * The SCSI OSD dissector could go into an infinite loop. wnpa-sec-2015-11 CVE-2015-2192 [bnc#920700] - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.4.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html E-Mail link for openSUSE-SU-2015:0489-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings wireshark-1.10.13-36.1 wireshark-devel-1.10.13-36.1 The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. CVE-2015-2187 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html https://www.suse.com/security/cve/CVE-2015-2187.html CVE-2015-2187 https://bugzilla.suse.com/920695 SUSE Bug 920695 epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. CVE-2015-2188 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html https://www.suse.com/security/cve/CVE-2015-2188.html CVE-2015-2188 https://bugzilla.suse.com/920696 SUSE Bug 920696 Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. CVE-2015-2189 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html https://www.suse.com/security/cve/CVE-2015-2189.html CVE-2015-2189 https://bugzilla.suse.com/920697 SUSE Bug 920697 epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. CVE-2015-2190 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html https://www.suse.com/security/cve/CVE-2015-2190.html CVE-2015-2190 https://bugzilla.suse.com/920698 SUSE Bug 920698 Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. CVE-2015-2191 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html https://www.suse.com/security/cve/CVE-2015-2191.html CVE-2015-2191 https://bugzilla.suse.com/920699 SUSE Bug 920699 Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. CVE-2015-2192 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html https://www.suse.com/security/cve/CVE-2015-2192.html CVE-2015-2192 https://bugzilla.suse.com/920700 SUSE Bug 920700