Security update for wireshark SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:0054-1 Final 1 1 2018-01-09T15:42:20Z current 2018-01-09T15:42:20Z 2018-01-09T15:42:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark to version 2.2.11 fixes several issues. These security issues were fixed: - CVE-2017-13767: The MSDP dissector could have gone into an infinite loop. This was addressed by adding length validation (bsc#1056248) - CVE-2017-13766: The Profinet I/O dissector could have crash with an out-of-bounds write. This was addressed by adding string validation (bsc#1056249) - CVE-2017-13765: The IrCOMM dissector had a buffer over-read and application crash. This was addressed by adding length validation (bsc#1056251) - CVE-2017-9766: PROFINET IO data with a high recursion depth allowed remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function (bsc#1045341) - CVE-2017-9617: Deeply nested DAAP data may have cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in the DAAP dissector (bsc#1044417) - CVE-2017-15192: The BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. (bsc#1062645) - CVE-2017-15193: The MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. (bsc#1062645) - CVE-2017-15191: The DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. (bsc#1062645) - CVE-2017-17083: NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. (bsc#1070727) - CVE-2017-17084: IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. (bsc#1070727) - CVE-2017-17085: the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. (bsc#1070727) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-wireshark-13400,slessp4-wireshark-13400 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20180054-1/ Link for SUSE-SU-2018:0054-1 https://lists.suse.com/pipermail/sle-security-updates/2018-January/003581.html E-Mail link for SUSE-SU-2018:0054-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1044417 SUSE Bug 1044417 https://bugzilla.suse.com/1045341 SUSE Bug 1045341 https://bugzilla.suse.com/1056248 SUSE Bug 1056248 https://bugzilla.suse.com/1056249 SUSE Bug 1056249 https://bugzilla.suse.com/1056251 SUSE Bug 1056251 https://bugzilla.suse.com/1062645 SUSE Bug 1062645 https://bugzilla.suse.com/1070727 SUSE Bug 1070727 https://www.suse.com/security/cve/CVE-2017-13765/ SUSE CVE CVE-2017-13765 page https://www.suse.com/security/cve/CVE-2017-13766/ SUSE CVE CVE-2017-13766 page https://www.suse.com/security/cve/CVE-2017-13767/ SUSE CVE CVE-2017-13767 page https://www.suse.com/security/cve/CVE-2017-15191/ SUSE CVE CVE-2017-15191 page https://www.suse.com/security/cve/CVE-2017-15192/ SUSE CVE CVE-2017-15192 page https://www.suse.com/security/cve/CVE-2017-15193/ SUSE CVE CVE-2017-15193 page https://www.suse.com/security/cve/CVE-2017-17083/ SUSE CVE CVE-2017-17083 page https://www.suse.com/security/cve/CVE-2017-17084/ SUSE CVE CVE-2017-17084 page https://www.suse.com/security/cve/CVE-2017-17085/ SUSE CVE CVE-2017-17085 page https://www.suse.com/security/cve/CVE-2017-9617/ SUSE CVE CVE-2017-9617 page https://www.suse.com/security/cve/CVE-2017-9766/ SUSE CVE CVE-2017-9766 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 libsmi-0.4.5-2.7.2.1 libwireshark8-2.2.11-40.14.5 libwiretap6-2.2.11-40.14.5 libwscodecs1-2.2.11-40.14.5 libwsutil7-2.2.11-40.14.5 portaudio-19-234.18.1 portaudio-devel-19-234.18.1 wireshark-2.2.11-40.14.5 wireshark-devel-2.2.11-40.14.5 wireshark-gtk-2.2.11-40.14.5 libsmi-0.4.5-2.7.2.1 as a component of SUSE Linux Enterprise Server 11 SP4 libwireshark8-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Server 11 SP4 libwiretap6-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Server 11 SP4 libwscodecs1-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Server 11 SP4 libwsutil7-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Server 11 SP4 portaudio-19-234.18.1 as a component of SUSE Linux Enterprise Server 11 SP4 wireshark-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Server 11 SP4 wireshark-gtk-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Server 11 SP4 libsmi-0.4.5-2.7.2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libwireshark8-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libwiretap6-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libwscodecs1-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libwsutil7-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 portaudio-19-234.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 wireshark-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 wireshark-gtk-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libsmi-0.4.5-2.7.2.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libwireshark8-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libwiretap6-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libwscodecs1-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libwsutil7-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 portaudio-19-234.18.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 portaudio-devel-19-234.18.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 wireshark-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 wireshark-devel-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 wireshark-gtk-2.2.11-40.14.5 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. CVE-2017-13765 SUSE Linux Enterprise Server 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-devel-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.11-40.14.5 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180054-1/ https://www.suse.com/security/cve/CVE-2017-13765.html CVE-2017-13765 https://bugzilla.suse.com/1056251 SUSE Bug 1056251 In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. CVE-2017-13766 SUSE Linux Enterprise Server 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-devel-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.11-40.14.5 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180054-1/ https://www.suse.com/security/cve/CVE-2017-13766.html CVE-2017-13766 https://bugzilla.suse.com/1056249 SUSE Bug 1056249 In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. CVE-2017-13767 SUSE Linux Enterprise Server 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-devel-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.11-40.14.5 important 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180054-1/ https://www.suse.com/security/cve/CVE-2017-13767.html CVE-2017-13767 https://bugzilla.suse.com/1056248 SUSE Bug 1056248 In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. CVE-2017-15191 SUSE Linux Enterprise Server 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-devel-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.11-40.14.5 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180054-1/ https://www.suse.com/security/cve/CVE-2017-15191.html CVE-2017-15191 https://bugzilla.suse.com/1062645 SUSE Bug 1062645 https://bugzilla.suse.com/983671 SUSE Bug 983671 In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. CVE-2017-15192 SUSE Linux Enterprise Server 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-devel-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.11-40.14.5 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180054-1/ https://www.suse.com/security/cve/CVE-2017-15192.html CVE-2017-15192 https://bugzilla.suse.com/1062645 SUSE Bug 1062645 https://bugzilla.suse.com/983671 SUSE Bug 983671 In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. CVE-2017-15193 SUSE Linux Enterprise Server 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-devel-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.11-40.14.5 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180054-1/ https://www.suse.com/security/cve/CVE-2017-15193.html CVE-2017-15193 https://bugzilla.suse.com/1062645 SUSE Bug 1062645 https://bugzilla.suse.com/983671 SUSE Bug 983671 In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. CVE-2017-17083 SUSE Linux Enterprise Server 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-devel-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.11-40.14.5 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180054-1/ https://www.suse.com/security/cve/CVE-2017-17083.html CVE-2017-17083 https://bugzilla.suse.com/1070727 SUSE Bug 1070727 In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. CVE-2017-17084 SUSE Linux Enterprise Server 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-devel-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.11-40.14.5 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180054-1/ https://www.suse.com/security/cve/CVE-2017-17084.html CVE-2017-17084 https://bugzilla.suse.com/1070727 SUSE Bug 1070727 In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. CVE-2017-17085 SUSE Linux Enterprise Server 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-devel-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.11-40.14.5 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180054-1/ https://www.suse.com/security/cve/CVE-2017-17085.html CVE-2017-17085 https://bugzilla.suse.com/1070727 SUSE Bug 1070727 In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. CVE-2017-9617 SUSE Linux Enterprise Server 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-devel-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.11-40.14.5 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180054-1/ https://www.suse.com/security/cve/CVE-2017-9617.html CVE-2017-9617 https://bugzilla.suse.com/1044417 SUSE Bug 1044417 In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. CVE-2017-9766 SUSE Linux Enterprise Server 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libsmi-0.4.5-2.7.2.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:portaudio-devel-19-234.18.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.11-40.14.5 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.11-40.14.5 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180054-1/ https://www.suse.com/security/cve/CVE-2017-9766.html CVE-2017-9766 https://bugzilla.suse.com/1045341 SUSE Bug 1045341