Security update for wireshark SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0092-1 Final 1 1 2019-03-23T10:50:32Z current 2019-03-23T10:50:32Z 2019-03-23T10:50:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark to version 2.4.12 fixes the following issues: Security issues fixed: - CVE-2019-5717: Fixed a denial of service in the P_MUL dissector (bsc#1121232) - CVE-2019-5718: Fixed a denial of service in the RTSE dissector and other dissectors (bsc#1121233) - CVE-2019-5719: Fixed a denial of service in the ISAKMP dissector (bsc#1121234) - CVE-2019-5721: Fixed a denial of service in the ISAKMP dissector (bsc#1121235) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-92 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UAV33DKOHJGUM6CXMAYSIJ5H25J5ODNA/#UAV33DKOHJGUM6CXMAYSIJ5H25J5ODNA E-Mail link for openSUSE-SU-2019:0092-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1121232 SUSE Bug 1121232 https://bugzilla.suse.com/1121233 SUSE Bug 1121233 https://bugzilla.suse.com/1121234 SUSE Bug 1121234 https://bugzilla.suse.com/1121235 SUSE Bug 1121235 https://www.suse.com/security/cve/CVE-2019-5717/ SUSE CVE CVE-2019-5717 page https://www.suse.com/security/cve/CVE-2019-5718/ SUSE CVE CVE-2019-5718 page https://www.suse.com/security/cve/CVE-2019-5719/ SUSE CVE CVE-2019-5719 page https://www.suse.com/security/cve/CVE-2019-5721/ SUSE CVE CVE-2019-5721 page openSUSE Leap 15.0 libwireshark9-2.4.12-lp150.2.19.1 libwiretap7-2.4.12-lp150.2.19.1 libwscodecs1-2.4.12-lp150.2.19.1 libwsutil8-2.4.12-lp150.2.19.1 wireshark-2.4.12-lp150.2.19.1 wireshark-devel-2.4.12-lp150.2.19.1 wireshark-ui-qt-2.4.12-lp150.2.19.1 libwireshark9-2.4.12-lp150.2.19.1 as a component of openSUSE Leap 15.0 libwiretap7-2.4.12-lp150.2.19.1 as a component of openSUSE Leap 15.0 libwscodecs1-2.4.12-lp150.2.19.1 as a component of openSUSE Leap 15.0 libwsutil8-2.4.12-lp150.2.19.1 as a component of openSUSE Leap 15.0 wireshark-2.4.12-lp150.2.19.1 as a component of openSUSE Leap 15.0 wireshark-devel-2.4.12-lp150.2.19.1 as a component of openSUSE Leap 15.0 wireshark-ui-qt-2.4.12-lp150.2.19.1 as a component of openSUSE Leap 15.0 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. CVE-2019-5717 openSUSE Leap 15.0:libwireshark9-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:libwiretap7-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:libwscodecs1-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:libwsutil8-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:wireshark-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:wireshark-devel-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.12-lp150.2.19.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UAV33DKOHJGUM6CXMAYSIJ5H25J5ODNA/#UAV33DKOHJGUM6CXMAYSIJ5H25J5ODNA https://www.suse.com/security/cve/CVE-2019-5717.html CVE-2019-5717 https://bugzilla.suse.com/1121232 SUSE Bug 1121232 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. CVE-2019-5718 openSUSE Leap 15.0:libwireshark9-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:libwiretap7-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:libwscodecs1-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:libwsutil8-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:wireshark-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:wireshark-devel-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.12-lp150.2.19.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UAV33DKOHJGUM6CXMAYSIJ5H25J5ODNA/#UAV33DKOHJGUM6CXMAYSIJ5H25J5ODNA https://www.suse.com/security/cve/CVE-2019-5718.html CVE-2019-5718 https://bugzilla.suse.com/1121233 SUSE Bug 1121233 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block. CVE-2019-5719 openSUSE Leap 15.0:libwireshark9-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:libwiretap7-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:libwscodecs1-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:libwsutil8-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:wireshark-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:wireshark-devel-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.12-lp150.2.19.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UAV33DKOHJGUM6CXMAYSIJ5H25J5ODNA/#UAV33DKOHJGUM6CXMAYSIJ5H25J5ODNA https://www.suse.com/security/cve/CVE-2019-5719.html CVE-2019-5719 https://bugzilla.suse.com/1121234 SUSE Bug 1121234 In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided. CVE-2019-5721 openSUSE Leap 15.0:libwireshark9-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:libwiretap7-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:libwscodecs1-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:libwsutil8-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:wireshark-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:wireshark-devel-2.4.12-lp150.2.19.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.12-lp150.2.19.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UAV33DKOHJGUM6CXMAYSIJ5H25J5ODNA/#UAV33DKOHJGUM6CXMAYSIJ5H25J5ODNA https://www.suse.com/security/cve/CVE-2019-5721.html CVE-2019-5721 https://bugzilla.suse.com/1121235 SUSE Bug 1121235