Security update for wireshark SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1087-1 Final 1 1 2017-04-21T08:05:09Z current 2017-04-21T08:05:09Z 2017-04-21T08:05:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update to Wireshark 2.2.6 fixes minor vulnerabilities that could be used to trigger a dissector crash or infinite loops by sending specially crafted packages over the network or into a capture file: * CVE-2017-7700: NetScaler file parser infinite loop (boo#1033936) * CVE-2017-7701: BGP dissector infinite loop (boo#1033937) * CVE-2017-7702: WBMXL dissector infinite loop (boo#1033938) * CVE-2017-7703: IMAP dissector crash (boo#1033939) * CVE-2017-7704: DOF dissector infinite loop (boo#1033940) * CVE-2017-7705: RPCoRDMA dissector infinite loop (boo#1033941) * CVE-2017-7745: SIGCOMP dissector infinite loop (boo#1033942) * CVE-2017-7746: SLSK dissector long loop (boo#1033943) * CVE-2017-7747: PacketBB dissector crash (boo#1033944) * CVE-2017-7748: WSP dissector infinite loop (boo#1033945) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-04/msg00088.html E-Mail link for openSUSE-SU-2017:1087-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 wireshark-2.2.6-14.3.1 wireshark-devel-2.2.6-14.3.1 wireshark-ui-gtk-2.2.6-14.3.1 wireshark-ui-qt-2.2.6-14.3.1 wireshark-2.2.6-14.3.1 as a component of openSUSE Leap 42.2 wireshark-devel-2.2.6-14.3.1 as a component of openSUSE Leap 42.2 wireshark-ui-gtk-2.2.6-14.3.1 as a component of openSUSE Leap 42.2 wireshark-ui-qt-2.2.6-14.3.1 as a component of openSUSE Leap 42.2 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. CVE-2017-7700 openSUSE Leap 42.2:wireshark-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00088.html https://www.suse.com/security/cve/CVE-2017-7700.html CVE-2017-7700 https://bugzilla.suse.com/1033936 SUSE Bug 1033936 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type. CVE-2017-7701 openSUSE Leap 42.2:wireshark-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00088.html https://www.suse.com/security/cve/CVE-2017-7701.html CVE-2017-7701 https://bugzilla.suse.com/1033937 SUSE Bug 1033937 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation. CVE-2017-7702 openSUSE Leap 42.2:wireshark-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00088.html https://www.suse.com/security/cve/CVE-2017-7702.html CVE-2017-7702 https://bugzilla.suse.com/1033938 SUSE Bug 1033938 https://bugzilla.suse.com/1049255 SUSE Bug 1049255 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. CVE-2017-7703 openSUSE Leap 42.2:wireshark-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00088.html https://www.suse.com/security/cve/CVE-2017-7703.html CVE-2017-7703 https://bugzilla.suse.com/1033939 SUSE Bug 1033939 In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value. CVE-2017-7704 openSUSE Leap 42.2:wireshark-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00088.html https://www.suse.com/security/cve/CVE-2017-7704.html CVE-2017-7704 https://bugzilla.suse.com/1033940 SUSE Bug 1033940 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset. CVE-2017-7705 openSUSE Leap 42.2:wireshark-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00088.html https://www.suse.com/security/cve/CVE-2017-7705.html CVE-2017-7705 https://bugzilla.suse.com/1033941 SUSE Bug 1033941 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check. CVE-2017-7745 openSUSE Leap 42.2:wireshark-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00088.html https://www.suse.com/security/cve/CVE-2017-7745.html CVE-2017-7745 https://bugzilla.suse.com/1033942 SUSE Bug 1033942 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length. CVE-2017-7746 openSUSE Leap 42.2:wireshark-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00088.html https://www.suse.com/security/cve/CVE-2017-7746.html CVE-2017-7746 https://bugzilla.suse.com/1033943 SUSE Bug 1033943 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree. CVE-2017-7747 openSUSE Leap 42.2:wireshark-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00088.html https://www.suse.com/security/cve/CVE-2017-7747.html CVE-2017-7747 https://bugzilla.suse.com/1033944 SUSE Bug 1033944 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check. CVE-2017-7748 openSUSE Leap 42.2:wireshark-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-devel-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-gtk-2.2.6-14.3.1 openSUSE Leap 42.2:wireshark-ui-qt-2.2.6-14.3.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00088.html https://www.suse.com/security/cve/CVE-2017-7748.html CVE-2017-7748 https://bugzilla.suse.com/1033945 SUSE Bug 1033945