Security update for Wireshark SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1958-1 Final 1 1 2017-07-25T19:49:30Z current 2017-07-25T19:49:30Z 2017-07-25T19:49:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Wireshark This update to Wireshark 2.2.8 fixes some minor vulnerabilities could be used to trigger dissector crashes, infinite loops, or cause excessive use of memory resources by making Wireshark read specially crafted packages from the network or a capture file: - CVE-2017-7702,CVE-2017-11410: WBMXL dissector infinite loop (wnpa-sec-2017-13) - CVE-2017-9350,CVE-2017-11411: openSAFETY dissector memory exhaustion (wnpa-sec-2017-28) - CVE-2017-11408: AMQP dissector crash (wnpa-sec-2017-34) - CVE-2017-11407: MQ dissector crash (wnpa-sec-2017-35) - CVE-2017-11406: DOCSIS infinite loop (wnpa-sec-2017-36) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-07/msg00090.html E-Mail link for openSUSE-SU-2017:1958-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 wireshark-2.2.8-17.1 wireshark-devel-2.2.8-17.1 wireshark-ui-gtk-2.2.8-17.1 wireshark-ui-qt-2.2.8-17.1 wireshark-2.2.8-17.1 as a component of openSUSE Leap 42.2 wireshark-devel-2.2.8-17.1 as a component of openSUSE Leap 42.2 wireshark-ui-gtk-2.2.8-17.1 as a component of openSUSE Leap 42.2 wireshark-ui-qt-2.2.8-17.1 as a component of openSUSE Leap 42.2 wireshark-2.2.8-17.1 as a component of openSUSE Leap 42.3 wireshark-devel-2.2.8-17.1 as a component of openSUSE Leap 42.3 wireshark-ui-gtk-2.2.8-17.1 as a component of openSUSE Leap 42.3 wireshark-ui-qt-2.2.8-17.1 as a component of openSUSE Leap 42.3 In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. CVE-2017-11406 openSUSE Leap 42.2:wireshark-2.2.8-17.1 openSUSE Leap 42.2:wireshark-devel-2.2.8-17.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.8-17.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.8-17.1 openSUSE Leap 42.3:wireshark-2.2.8-17.1 openSUSE Leap 42.3:wireshark-devel-2.2.8-17.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.8-17.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.8-17.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00090.html https://www.suse.com/security/cve/CVE-2017-11406.html CVE-2017-11406 https://bugzilla.suse.com/1049255 SUSE Bug 1049255 In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. CVE-2017-11407 openSUSE Leap 42.2:wireshark-2.2.8-17.1 openSUSE Leap 42.2:wireshark-devel-2.2.8-17.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.8-17.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.8-17.1 openSUSE Leap 42.3:wireshark-2.2.8-17.1 openSUSE Leap 42.3:wireshark-devel-2.2.8-17.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.8-17.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.8-17.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00090.html https://www.suse.com/security/cve/CVE-2017-11407.html CVE-2017-11407 https://bugzilla.suse.com/1049255 SUSE Bug 1049255 In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. CVE-2017-11408 openSUSE Leap 42.2:wireshark-2.2.8-17.1 openSUSE Leap 42.2:wireshark-devel-2.2.8-17.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.8-17.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.8-17.1 openSUSE Leap 42.3:wireshark-2.2.8-17.1 openSUSE Leap 42.3:wireshark-devel-2.2.8-17.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.8-17.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.8-17.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00090.html https://www.suse.com/security/cve/CVE-2017-11408.html CVE-2017-11408 https://bugzilla.suse.com/1049255 SUSE Bug 1049255 In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. CVE-2017-11410 openSUSE Leap 42.2:wireshark-2.2.8-17.1 openSUSE Leap 42.2:wireshark-devel-2.2.8-17.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.8-17.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.8-17.1 openSUSE Leap 42.3:wireshark-2.2.8-17.1 openSUSE Leap 42.3:wireshark-devel-2.2.8-17.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.8-17.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.8-17.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00090.html https://www.suse.com/security/cve/CVE-2017-11410.html CVE-2017-11410 https://bugzilla.suse.com/1033938 SUSE Bug 1033938 https://bugzilla.suse.com/1049255 SUSE Bug 1049255 In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. CVE-2017-11411 openSUSE Leap 42.2:wireshark-2.2.8-17.1 openSUSE Leap 42.2:wireshark-devel-2.2.8-17.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.8-17.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.8-17.1 openSUSE Leap 42.3:wireshark-2.2.8-17.1 openSUSE Leap 42.3:wireshark-devel-2.2.8-17.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.8-17.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.8-17.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00090.html https://www.suse.com/security/cve/CVE-2017-11411.html CVE-2017-11411 https://bugzilla.suse.com/1049255 SUSE Bug 1049255 https://bugzilla.suse.com/1049621 SUSE Bug 1049621 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation. CVE-2017-7702 openSUSE Leap 42.2:wireshark-2.2.8-17.1 openSUSE Leap 42.2:wireshark-devel-2.2.8-17.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.8-17.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.8-17.1 openSUSE Leap 42.3:wireshark-2.2.8-17.1 openSUSE Leap 42.3:wireshark-devel-2.2.8-17.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.8-17.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.8-17.1 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00090.html https://www.suse.com/security/cve/CVE-2017-7702.html CVE-2017-7702 https://bugzilla.suse.com/1033938 SUSE Bug 1033938 https://bugzilla.suse.com/1049255 SUSE Bug 1049255 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. CVE-2017-9350 openSUSE Leap 42.2:wireshark-2.2.8-17.1 openSUSE Leap 42.2:wireshark-devel-2.2.8-17.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.8-17.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.8-17.1 openSUSE Leap 42.3:wireshark-2.2.8-17.1 openSUSE Leap 42.3:wireshark-devel-2.2.8-17.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.8-17.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.8-17.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00090.html https://www.suse.com/security/cve/CVE-2017-9350.html CVE-2017-9350 https://bugzilla.suse.com/1042299 SUSE Bug 1042299 https://bugzilla.suse.com/1042324 SUSE Bug 1042324 https://bugzilla.suse.com/1042330 SUSE Bug 1042330 https://bugzilla.suse.com/1042331 SUSE Bug 1042331 https://bugzilla.suse.com/1049255 SUSE Bug 1049255 https://bugzilla.suse.com/1049621 SUSE Bug 1049621