Security update for wireshark SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0540-1 Final 1 1 2018-02-25T06:13:11Z current 2018-02-25T06:13:11Z 2018-02-25T06:13:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for Wireshark to version 2.2.13 fixes a number of minor vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files: (boo#1082692): - CVE-2018-7335: The IEEE 802.11 dissector could crash - CVE-2018-7321, CVE-2018-7322, CVE-2018-7323, CVE-2018-7324, CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328, CVE-2018-7329, CVE-2018-7330, CVE-2018-7331, CVE-2018-7332, CVE-2018-7333, CVE-2018-7421: Multiple dissectors could go into large infinite loops - CVE-2018-7334: The UMTS MAC dissector could crash - CVE-2018-7337: The DOCSIS dissector could crash - CVE-2018-7336: The FCP dissector could crash - CVE-2018-7320: The SIGCOMP dissector could crash - CVE-2018-7420: The pcapng file parser could crash - CVE-2018-7417: The IPMI dissector could crash - CVE-2018-7418: The SIGCOMP dissector could crash - CVE-2018-7419: The NBAP disssector could crash This update also contains further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.13.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html E-Mail link for openSUSE-SU-2018:0540-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 wireshark-2.2.13-35.1 wireshark-devel-2.2.13-35.1 wireshark-ui-gtk-2.2.13-35.1 wireshark-ui-qt-2.2.13-35.1 wireshark-2.2.13-35.1 as a component of openSUSE Leap 42.3 wireshark-devel-2.2.13-35.1 as a component of openSUSE Leap 42.3 wireshark-ui-gtk-2.2.13-35.1 as a component of openSUSE Leap 42.3 wireshark-ui-qt-2.2.13-35.1 as a component of openSUSE Leap 42.3 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. CVE-2018-7320 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7320.html CVE-2018-7320 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type. CVE-2018-7321 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7321.html CVE-2018-7321 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. CVE-2018-7322 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7322.html CVE-2018-7322 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. CVE-2018-7323 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7323.html CVE-2018-7323 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. CVE-2018-7324 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7324.html CVE-2018-7324 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. CVE-2018-7325 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7325.html CVE-2018-7325 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. CVE-2018-7326 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7326.html CVE-2018-7326 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths. CVE-2018-7327 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7327.html CVE-2018-7327 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths. CVE-2018-7328 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7328.html CVE-2018-7328 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. CVE-2018-7329 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7329.html CVE-2018-7329 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type. CVE-2018-7330 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7330.html CVE-2018-7330 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. CVE-2018-7331 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7331.html CVE-2018-7331 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. CVE-2018-7332 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7332.html CVE-2018-7332 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. CVE-2018-7333 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7333.html CVE-2018-7333 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. CVE-2018-7334 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7334.html CVE-2018-7334 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. CVE-2018-7335 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7335.html CVE-2018-7335 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer. CVE-2018-7336 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7336.html CVE-2018-7336 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. CVE-2018-7337 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7337.html CVE-2018-7337 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header. CVE-2018-7417 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7417.html CVE-2018-7417 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. CVE-2018-7418 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7418.html CVE-2018-7418 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. CVE-2018-7419 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7419.html CVE-2018-7419 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks. CVE-2018-7420 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7420.html CVE-2018-7420 https://bugzilla.suse.com/1082692 SUSE Bug 1082692 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. CVE-2018-7421 openSUSE Leap 42.3:wireshark-2.2.13-35.1 openSUSE Leap 42.3:wireshark-devel-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-gtk-2.2.13-35.1 openSUSE Leap 42.3:wireshark-ui-qt-2.2.13-35.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00104.html https://www.suse.com/security/cve/CVE-2018-7421.html CVE-2018-7421 https://bugzilla.suse.com/1082692 SUSE Bug 1082692