Security update for wireshark SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:2891-2 Final 1 1 2018-10-18T12:48:30Z current 2018-10-18T12:48:30Z 2018-10-18T12:48:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark to version 2.4.9 fixes the following issues: Wireshark was updated to 2.4.9 (bsc#1094301, bsc#1106514). Security issues fixed: - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) - CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). - CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). - CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). - CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-SERVER-12-SP2-BCL-2018-2051 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ Link for SUSE-SU-2018:2891-2 https://lists.suse.com/pipermail/sle-security-updates/2018-October/004690.html E-Mail link for SUSE-SU-2018:2891-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1094301 SUSE Bug 1094301 https://bugzilla.suse.com/1101776 SUSE Bug 1101776 https://bugzilla.suse.com/1101777 SUSE Bug 1101777 https://bugzilla.suse.com/1101786 SUSE Bug 1101786 https://bugzilla.suse.com/1101788 SUSE Bug 1101788 https://bugzilla.suse.com/1101791 SUSE Bug 1101791 https://bugzilla.suse.com/1101794 SUSE Bug 1101794 https://bugzilla.suse.com/1101800 SUSE Bug 1101800 https://bugzilla.suse.com/1101802 SUSE Bug 1101802 https://bugzilla.suse.com/1101804 SUSE Bug 1101804 https://bugzilla.suse.com/1101810 SUSE Bug 1101810 https://bugzilla.suse.com/1106514 SUSE Bug 1106514 https://www.suse.com/security/cve/CVE-2018-11354/ SUSE CVE CVE-2018-11354 page https://www.suse.com/security/cve/CVE-2018-11355/ SUSE CVE CVE-2018-11355 page https://www.suse.com/security/cve/CVE-2018-11356/ SUSE CVE CVE-2018-11356 page https://www.suse.com/security/cve/CVE-2018-11357/ SUSE CVE CVE-2018-11357 page https://www.suse.com/security/cve/CVE-2018-11358/ SUSE CVE CVE-2018-11358 page https://www.suse.com/security/cve/CVE-2018-11359/ SUSE CVE CVE-2018-11359 page https://www.suse.com/security/cve/CVE-2018-11360/ SUSE CVE CVE-2018-11360 page https://www.suse.com/security/cve/CVE-2018-11361/ SUSE CVE CVE-2018-11361 page https://www.suse.com/security/cve/CVE-2018-11362/ SUSE CVE CVE-2018-11362 page https://www.suse.com/security/cve/CVE-2018-14339/ SUSE CVE CVE-2018-14339 page https://www.suse.com/security/cve/CVE-2018-14340/ SUSE CVE CVE-2018-14340 page https://www.suse.com/security/cve/CVE-2018-14341/ SUSE CVE CVE-2018-14341 page https://www.suse.com/security/cve/CVE-2018-14342/ SUSE CVE CVE-2018-14342 page https://www.suse.com/security/cve/CVE-2018-14343/ SUSE CVE CVE-2018-14343 page https://www.suse.com/security/cve/CVE-2018-14344/ SUSE CVE CVE-2018-14344 page https://www.suse.com/security/cve/CVE-2018-14367/ SUSE CVE CVE-2018-14367 page https://www.suse.com/security/cve/CVE-2018-14368/ SUSE CVE CVE-2018-14368 page https://www.suse.com/security/cve/CVE-2018-14369/ SUSE CVE CVE-2018-14369 page https://www.suse.com/security/cve/CVE-2018-14370/ SUSE CVE CVE-2018-14370 page https://www.suse.com/security/cve/CVE-2018-16056/ SUSE CVE CVE-2018-16056 page https://www.suse.com/security/cve/CVE-2018-16057/ SUSE CVE CVE-2018-16057 page https://www.suse.com/security/cve/CVE-2018-16058/ SUSE CVE CVE-2018-16058 page SUSE Linux Enterprise Server 12 SP2-BCL libwireshark9-2.4.9-48.29.1 libwiretap7-2.4.9-48.29.1 libwscodecs1-2.4.9-48.29.1 libwsutil8-2.4.9-48.29.1 wireshark-2.4.9-48.29.1 wireshark-gtk-2.4.9-48.29.1 libwireshark9-2.4.9-48.29.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libwiretap7-2.4.9-48.29.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libwscodecs1-2.4.9-48.29.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libwsutil8-2.4.9-48.29.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL wireshark-2.4.9-48.29.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL wireshark-gtk-2.4.9-48.29.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. CVE-2018-11354 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-11354.html CVE-2018-11354 https://bugzilla.suse.com/1094301 SUSE Bug 1094301 In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. CVE-2018-11355 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-11355.html CVE-2018-11355 https://bugzilla.suse.com/1094301 SUSE Bug 1094301 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. CVE-2018-11356 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-11356.html CVE-2018-11356 https://bugzilla.suse.com/1094301 SUSE Bug 1094301 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. CVE-2018-11357 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-11357.html CVE-2018-11357 https://bugzilla.suse.com/1094301 SUSE Bug 1094301 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. CVE-2018-11358 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-11358.html CVE-2018-11358 https://bugzilla.suse.com/1094301 SUSE Bug 1094301 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. CVE-2018-11359 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-11359.html CVE-2018-11359 https://bugzilla.suse.com/1094301 SUSE Bug 1094301 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. CVE-2018-11360 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-11360.html CVE-2018-11360 https://bugzilla.suse.com/1094301 SUSE Bug 1094301 In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. CVE-2018-11361 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-11361.html CVE-2018-11361 https://bugzilla.suse.com/1094301 SUSE Bug 1094301 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. CVE-2018-11362 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-11362.html CVE-2018-11362 https://bugzilla.suse.com/1094301 SUSE Bug 1094301 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation. CVE-2018-14339 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-14339.html CVE-2018-14339 https://bugzilla.suse.com/1101810 SUSE Bug 1101810 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. CVE-2018-14340 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-14340.html CVE-2018-14340 https://bugzilla.suse.com/1101804 SUSE Bug 1101804 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. CVE-2018-14341 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 low 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-14341.html CVE-2018-14341 https://bugzilla.suse.com/1101776 SUSE Bug 1101776 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. CVE-2018-14342 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 low 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-14342.html CVE-2018-14342 https://bugzilla.suse.com/1101777 SUSE Bug 1101777 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. CVE-2018-14343 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-14343.html CVE-2018-14343 https://bugzilla.suse.com/1101786 SUSE Bug 1101786 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read. CVE-2018-14344 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-14344.html CVE-2018-14344 https://bugzilla.suse.com/1101788 SUSE Bug 1101788 In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition. CVE-2018-14367 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-14367.html CVE-2018-14367 https://bugzilla.suse.com/1101791 SUSE Bug 1101791 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. CVE-2018-14368 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 low 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-14368.html CVE-2018-14368 https://bugzilla.suse.com/1101794 SUSE Bug 1101794 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression. CVE-2018-14369 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-14369.html CVE-2018-14369 https://bugzilla.suse.com/1101800 SUSE Bug 1101800 In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read. CVE-2018-14370 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-14370.html CVE-2018-14370 https://bugzilla.suse.com/1101802 SUSE Bug 1101802 In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists. CVE-2018-16056 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-16056.html CVE-2018-16056 https://bugzilla.suse.com/1106514 SUSE Bug 1106514 In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. CVE-2018-16057 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-16057.html CVE-2018-16057 https://bugzilla.suse.com/1106514 SUSE Bug 1106514 In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. CVE-2018-16058 SUSE Linux Enterprise Server 12 SP2-BCL:libwireshark9-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwiretap7-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwscodecs1-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:libwsutil8-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-2.4.9-48.29.1 SUSE Linux Enterprise Server 12 SP2-BCL:wireshark-gtk-2.4.9-48.29.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182891-2/ https://www.suse.com/security/cve/CVE-2018-16058.html CVE-2018-16058 https://bugzilla.suse.com/1106514 SUSE Bug 1106514