Security update for wireshark SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:0179-1 Final 1 1 2018-01-23T09:39:52Z current 2018-01-23T09:39:52Z 2018-01-23T09:39:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark to version 2.2.12 fixes the following issues: - CVE-2018-5334: IxVeriWave file could crash (bsc#1075737) - CVE-2018-5335: WCP dissector could crash (bsc#1075738) - CVE-2018-5336: Multiple dissector crashes (bsc#1075739) - CVE-2017-17935: Incorrect handling of '\n' in file_read_line function could have lead to denial of service (bsc#1074171) This release no longer enables the Linux kernel BPF JIT compiler via the net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable to Spectre variant 1 CVE-2017-5753 - (bsc#1075748) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-wireshark-13431,slessp4-wireshark-13431 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20180179-1/ Link for SUSE-SU-2018:0179-1 https://lists.suse.com/pipermail/sle-security-updates/2018-January/003621.html E-Mail link for SUSE-SU-2018:0179-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1074171 SUSE Bug 1074171 https://bugzilla.suse.com/1075737 SUSE Bug 1075737 https://bugzilla.suse.com/1075738 SUSE Bug 1075738 https://bugzilla.suse.com/1075739 SUSE Bug 1075739 https://bugzilla.suse.com/1075748 SUSE Bug 1075748 https://www.suse.com/security/cve/CVE-2017-17935/ SUSE CVE CVE-2017-17935 page https://www.suse.com/security/cve/CVE-2018-5334/ SUSE CVE CVE-2018-5334 page https://www.suse.com/security/cve/CVE-2018-5335/ SUSE CVE CVE-2018-5335 page https://www.suse.com/security/cve/CVE-2018-5336/ SUSE CVE CVE-2018-5336 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 libwireshark8-2.2.12-40.17.1 libwiretap6-2.2.12-40.17.1 libwscodecs1-2.2.12-40.17.1 libwsutil7-2.2.12-40.17.1 wireshark-2.2.12-40.17.1 wireshark-devel-2.2.12-40.17.1 wireshark-gtk-2.2.12-40.17.1 libwireshark8-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Server 11 SP4 libwiretap6-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Server 11 SP4 libwscodecs1-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Server 11 SP4 libwsutil7-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Server 11 SP4 wireshark-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Server 11 SP4 wireshark-gtk-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Server 11 SP4 libwireshark8-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libwiretap6-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libwscodecs1-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libwsutil7-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 wireshark-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 wireshark-gtk-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libwireshark8-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libwiretap6-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libwscodecs1-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libwsutil7-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 wireshark-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 wireshark-devel-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 wireshark-gtk-2.2.12-40.17.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. CVE-2017-17935 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.12-40.17.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180179-1/ https://www.suse.com/security/cve/CVE-2017-17935.html CVE-2017-17935 https://bugzilla.suse.com/1074171 SUSE Bug 1074171 In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. CVE-2018-5334 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.12-40.17.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180179-1/ https://www.suse.com/security/cve/CVE-2018-5334.html CVE-2018-5334 https://bugzilla.suse.com/1075737 SUSE Bug 1075737 In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. CVE-2018-5335 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.12-40.17.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180179-1/ https://www.suse.com/security/cve/CVE-2018-5335.html CVE-2018-5335 https://bugzilla.suse.com/1075738 SUSE Bug 1075738 In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. CVE-2018-5336 SUSE Linux Enterprise Server 11 SP4:libwireshark8-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:libwiretap6-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:libwscodecs1-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:libwsutil7-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:wireshark-2.2.12-40.17.1 SUSE Linux Enterprise Server 11 SP4:wireshark-gtk-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwireshark8-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwiretap6-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwscodecs1-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsutil7-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-2.2.12-40.17.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:wireshark-gtk-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwireshark8-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwiretap6-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwscodecs1-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libwsutil7-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-devel-2.2.12-40.17.1 SUSE Linux Enterprise Software Development Kit 11 SP4:wireshark-gtk-2.2.12-40.17.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180179-1/ https://www.suse.com/security/cve/CVE-2018-5336.html CVE-2018-5336 https://bugzilla.suse.com/1075739 SUSE Bug 1075739