Security update for wireshark SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:3376-1 Final 1 1 2020-11-19T08:29:31Z current 2020-11-19T08:29:31Z 2020-11-19T08:29:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark fixes the following issues: - wireshark was updated to 3.2.8: - CVE-2020-26575: Fixed an issue where FBZERO dissector was entering in infinite loop (bsc#1177406) - CVE-2020-28030: Fixed an issue where GQUIC dissector was crashing (bsc#1178291) * Infinite memory allocation while parsing this tcp packet The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP3-SAP-Azure-LI-BYOS-Production-2020-3376,Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production-2020-3376,Image SLES15-SP4-SAP-Azure-LI-BYOS-2020-3376,Image SLES15-SP4-SAP-Azure-LI-BYOS-Production-2020-3376,Image SLES15-SP4-SAP-Azure-VLI-BYOS-2020-3376,Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production-2020-3376,Image SLES15-SP5-SAP-Azure-LI-BYOS-2020-3376,Image SLES15-SP5-SAP-Azure-LI-BYOS-Production-2020-3376,Image SLES15-SP5-SAP-Azure-VLI-BYOS-2020-3376,Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production-2020-3376,SUSE-2020-3376,SUSE-SLE-Module-Basesystem-15-SP1-2020-3376,SUSE-SLE-Module-Basesystem-15-SP2-2020-3376,SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3376,SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3376 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20203376-1/ Link for SUSE-SU-2020:3376-1 https://lists.suse.com/pipermail/sle-security-updates/2020-November/007794.html E-Mail link for SUSE-SU-2020:3376-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1177406 SUSE Bug 1177406 https://bugzilla.suse.com/1178291 SUSE Bug 1178291 https://www.suse.com/security/cve/CVE-2020-26575/ SUSE CVE CVE-2020-26575 page https://www.suse.com/security/cve/CVE-2020-28030/ SUSE CVE CVE-2020-28030 page Image SLES15-SP3-SAP-Azure-LI-BYOS-Production Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production Image SLES15-SP4-SAP-Azure-LI-BYOS Image SLES15-SP4-SAP-Azure-LI-BYOS-Production Image SLES15-SP4-SAP-Azure-VLI-BYOS Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production Image SLES15-SP5-SAP-Azure-LI-BYOS Image SLES15-SP5-SAP-Azure-LI-BYOS-Production Image SLES15-SP5-SAP-Azure-VLI-BYOS Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 wireshark-3.2.8-3.44.1 libwireshark13-3.2.8-3.44.1 libwiretap10-3.2.8-3.44.1 libwsutil11-3.2.8-3.44.1 wireshark-devel-3.2.8-3.44.1 wireshark-ui-qt-3.2.8-3.44.1 wireshark-3.2.8-3.44.1 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production wireshark-3.2.8-3.44.1 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production wireshark-3.2.8-3.44.1 as a component of Image SLES15-SP4-SAP-Azure-LI-BYOS wireshark-3.2.8-3.44.1 as a component of Image SLES15-SP4-SAP-Azure-LI-BYOS-Production wireshark-3.2.8-3.44.1 as a component of Image SLES15-SP4-SAP-Azure-VLI-BYOS wireshark-3.2.8-3.44.1 as a component of Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production wireshark-3.2.8-3.44.1 as a component of Image SLES15-SP5-SAP-Azure-LI-BYOS wireshark-3.2.8-3.44.1 as a component of Image SLES15-SP5-SAP-Azure-LI-BYOS-Production wireshark-3.2.8-3.44.1 as a component of Image SLES15-SP5-SAP-Azure-VLI-BYOS wireshark-3.2.8-3.44.1 as a component of Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production libwireshark13-3.2.8-3.44.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 libwiretap10-3.2.8-3.44.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 libwsutil11-3.2.8-3.44.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 wireshark-3.2.8-3.44.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 libwireshark13-3.2.8-3.44.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 libwiretap10-3.2.8-3.44.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 libwsutil11-3.2.8-3.44.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 wireshark-3.2.8-3.44.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 wireshark-devel-3.2.8-3.44.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 wireshark-ui-qt-3.2.8-3.44.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 wireshark-devel-3.2.8-3.44.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2 wireshark-ui-qt-3.2.8-3.44.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2 In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. CVE-2020-26575 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:wireshark-3.2.8-3.44.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:wireshark-3.2.8-3.44.1 Image SLES15-SP4-SAP-Azure-LI-BYOS-Production:wireshark-3.2.8-3.44.1 Image SLES15-SP4-SAP-Azure-LI-BYOS:wireshark-3.2.8-3.44.1 Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production:wireshark-3.2.8-3.44.1 Image SLES15-SP4-SAP-Azure-VLI-BYOS:wireshark-3.2.8-3.44.1 Image SLES15-SP5-SAP-Azure-LI-BYOS-Production:wireshark-3.2.8-3.44.1 Image SLES15-SP5-SAP-Azure-LI-BYOS:wireshark-3.2.8-3.44.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production:wireshark-3.2.8-3.44.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS:wireshark-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libwireshark13-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libwiretap10-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libwsutil11-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:wireshark-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:libwireshark13-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:libwiretap10-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:libwsutil11-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:wireshark-3.2.8-3.44.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:wireshark-devel-3.2.8-3.44.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:wireshark-ui-qt-3.2.8-3.44.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wireshark-devel-3.2.8-3.44.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wireshark-ui-qt-3.2.8-3.44.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203376-1/ https://www.suse.com/security/cve/CVE-2020-26575.html CVE-2020-26575 https://bugzilla.suse.com/1177406 SUSE Bug 1177406 https://bugzilla.suse.com/1178290 SUSE Bug 1178290 In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. CVE-2020-28030 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:wireshark-3.2.8-3.44.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:wireshark-3.2.8-3.44.1 Image SLES15-SP4-SAP-Azure-LI-BYOS-Production:wireshark-3.2.8-3.44.1 Image SLES15-SP4-SAP-Azure-LI-BYOS:wireshark-3.2.8-3.44.1 Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production:wireshark-3.2.8-3.44.1 Image SLES15-SP4-SAP-Azure-VLI-BYOS:wireshark-3.2.8-3.44.1 Image SLES15-SP5-SAP-Azure-LI-BYOS-Production:wireshark-3.2.8-3.44.1 Image SLES15-SP5-SAP-Azure-LI-BYOS:wireshark-3.2.8-3.44.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production:wireshark-3.2.8-3.44.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS:wireshark-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libwireshark13-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libwiretap10-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libwsutil11-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:wireshark-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:libwireshark13-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:libwiretap10-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:libwsutil11-3.2.8-3.44.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:wireshark-3.2.8-3.44.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:wireshark-devel-3.2.8-3.44.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:wireshark-ui-qt-3.2.8-3.44.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wireshark-devel-3.2.8-3.44.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wireshark-ui-qt-3.2.8-3.44.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203376-1/ https://www.suse.com/security/cve/CVE-2020-28030.html CVE-2020-28030 https://bugzilla.suse.com/1178291 SUSE Bug 1178291