Security update for Wireshark SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0937-1 Final 1 1 2015-05-15T19:02:40Z current 2015-05-15T19:02:40Z 2015-05-15T19:02:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Wireshark Wireshark was updated to 1.10.14 to fix three security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-3811: The WCP dissector could crash while decompressing data (wnpa-sec-2015-14) * CVE-2015-3812: The X11 dissector could leak memory (wnpa-sec-2015-15) * CVE-2015-3814: The IEEE 802.11 dissector could go into an infinite loop (wnpa-sec-2015-17) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-05/msg00039.html E-Mail link for openSUSE-SU-2015:0937-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings wireshark-1.10.14-39.1 wireshark-devel-1.10.14-39.1 epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. CVE-2015-3811 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00039.html https://www.suse.com/security/cve/CVE-2015-3811.html CVE-2015-3811 https://bugzilla.suse.com/930689 SUSE Bug 930689 https://bugzilla.suse.com/930691 SUSE Bug 930691 Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. CVE-2015-3812 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00039.html https://www.suse.com/security/cve/CVE-2015-3812.html CVE-2015-3812 https://bugzilla.suse.com/930689 SUSE Bug 930689 https://bugzilla.suse.com/930691 SUSE Bug 930691 The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2015-3814 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00039.html https://www.suse.com/security/cve/CVE-2015-3814.html CVE-2015-3814 https://bugzilla.suse.com/930689 SUSE Bug 930689 https://bugzilla.suse.com/930691 SUSE Bug 930691