Security update for wireshark SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:3368-1 Final 1 1 2018-10-23T20:59:49Z current 2018-10-23T20:59:49Z 2018-10-23T20:59:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00053.html E-Mail link for openSUSE-SU-2018:3368-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 libwireshark9-2.4.10-lp150.2.13.1 libwiretap7-2.4.10-lp150.2.13.1 libwscodecs1-2.4.10-lp150.2.13.1 libwsutil8-2.4.10-lp150.2.13.1 wireshark-2.4.10-lp150.2.13.1 wireshark-devel-2.4.10-lp150.2.13.1 wireshark-ui-qt-2.4.10-lp150.2.13.1 libwireshark9-2.4.10-lp150.2.13.1 as a component of openSUSE Leap 15.0 libwiretap7-2.4.10-lp150.2.13.1 as a component of openSUSE Leap 15.0 libwscodecs1-2.4.10-lp150.2.13.1 as a component of openSUSE Leap 15.0 libwsutil8-2.4.10-lp150.2.13.1 as a component of openSUSE Leap 15.0 wireshark-2.4.10-lp150.2.13.1 as a component of openSUSE Leap 15.0 wireshark-devel-2.4.10-lp150.2.13.1 as a component of openSUSE Leap 15.0 wireshark-ui-qt-2.4.10-lp150.2.13.1 as a component of openSUSE Leap 15.0 Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. CVE-2018-12086 openSUSE Leap 15.0:libwireshark9-2.4.10-lp150.2.13.1 openSUSE Leap 15.0:libwiretap7-2.4.10-lp150.2.13.1 openSUSE Leap 15.0:libwscodecs1-2.4.10-lp150.2.13.1 openSUSE Leap 15.0:libwsutil8-2.4.10-lp150.2.13.1 openSUSE Leap 15.0:wireshark-2.4.10-lp150.2.13.1 openSUSE Leap 15.0:wireshark-devel-2.4.10-lp150.2.13.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.10-lp150.2.13.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-12086.html CVE-2018-12086 https://bugzilla.suse.com/1111647 SUSE Bug 1111647 In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. CVE-2018-18227 openSUSE Leap 15.0:libwireshark9-2.4.10-lp150.2.13.1 openSUSE Leap 15.0:libwiretap7-2.4.10-lp150.2.13.1 openSUSE Leap 15.0:libwscodecs1-2.4.10-lp150.2.13.1 openSUSE Leap 15.0:libwsutil8-2.4.10-lp150.2.13.1 openSUSE Leap 15.0:wireshark-2.4.10-lp150.2.13.1 openSUSE Leap 15.0:wireshark-devel-2.4.10-lp150.2.13.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.10-lp150.2.13.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-18227.html CVE-2018-18227 https://bugzilla.suse.com/1111647 SUSE Bug 1111647