Security update for wireshark SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1215-1 Final 1 1 2015-07-02T08:17:36Z current 2015-07-02T08:17:36Z 2015-07-02T08:17:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark Wireshark was updated to 1.12.6 to fix two security issues. The following vulnerabilities were fixed: - CVE-2015-4651: The WCCP dissector crashed when reading specially crafted packages from the network or a capture files (wnpa-sec-2015-19, boo#935157). - CVE-2015-4652: The GSM DTAP dissector crashed when reading specially crafted packages from the network or a capture file (wnpa-sec-2015-20, boo#935158). This update also contains further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.6.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2015-07/msg00020.html E-Mail link for openSUSE-SU-2015:1215-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 wireshark-1.12.6-18.1 wireshark-debuginfo-1.12.6-18.1 wireshark-debugsource-1.12.6-18.1 wireshark-devel-1.12.6-18.1 wireshark-ui-gtk-1.12.6-18.1 wireshark-ui-gtk-debuginfo-1.12.6-18.1 wireshark-ui-qt-1.12.6-18.1 wireshark-ui-qt-debuginfo-1.12.6-18.1 wireshark-1.12.6-18.1 as a component of openSUSE 13.2 wireshark-debuginfo-1.12.6-18.1 as a component of openSUSE 13.2 wireshark-debugsource-1.12.6-18.1 as a component of openSUSE 13.2 wireshark-devel-1.12.6-18.1 as a component of openSUSE 13.2 wireshark-ui-gtk-1.12.6-18.1 as a component of openSUSE 13.2 wireshark-ui-gtk-debuginfo-1.12.6-18.1 as a component of openSUSE 13.2 wireshark-ui-qt-1.12.6-18.1 as a component of openSUSE 13.2 wireshark-ui-qt-debuginfo-1.12.6-18.1 as a component of openSUSE 13.2 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-4651 openSUSE 13.2:wireshark-1.12.6-18.1 openSUSE 13.2:wireshark-debuginfo-1.12.6-18.1 openSUSE 13.2:wireshark-debugsource-1.12.6-18.1 openSUSE 13.2:wireshark-devel-1.12.6-18.1 openSUSE 13.2:wireshark-ui-gtk-1.12.6-18.1 openSUSE 13.2:wireshark-ui-gtk-debuginfo-1.12.6-18.1 openSUSE 13.2:wireshark-ui-qt-1.12.6-18.1 openSUSE 13.2:wireshark-ui-qt-debuginfo-1.12.6-18.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-07/msg00020.html https://www.suse.com/security/cve/CVE-2015-4651.html CVE-2015-4651 https://bugzilla.suse.com/935157 SUSE Bug 935157 epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. CVE-2015-4652 openSUSE 13.2:wireshark-1.12.6-18.1 openSUSE 13.2:wireshark-debuginfo-1.12.6-18.1 openSUSE 13.2:wireshark-debugsource-1.12.6-18.1 openSUSE 13.2:wireshark-devel-1.12.6-18.1 openSUSE 13.2:wireshark-ui-gtk-1.12.6-18.1 openSUSE 13.2:wireshark-ui-gtk-debuginfo-1.12.6-18.1 openSUSE 13.2:wireshark-ui-qt-1.12.6-18.1 openSUSE 13.2:wireshark-ui-qt-debuginfo-1.12.6-18.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-07/msg00020.html https://www.suse.com/security/cve/CVE-2015-4652.html CVE-2015-4652 https://bugzilla.suse.com/935158 SUSE Bug 935158