Security update for wireshark SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2184-1 Final 1 1 2018-08-03T14:49:01Z current 2018-08-03T14:49:01Z 2018-08-03T14:49:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark fixes the following issues: Security issues fixed: - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, boo#1101777) - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, boo#1101788) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, boo#1101804) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, boo#1101786) - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, boo#1101810) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, boo#1101776) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, boo#1101794) - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, boo#1101800) - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, boo#1101791) - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, boo#1101802) Bug fixes: - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.8.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00004.html E-Mail link for openSUSE-SU-2018:2184-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 libwireshark9-2.4.8-lp150.2.6.1 libwiretap7-2.4.8-lp150.2.6.1 libwscodecs1-2.4.8-lp150.2.6.1 libwsutil8-2.4.8-lp150.2.6.1 wireshark-2.4.8-lp150.2.6.1 wireshark-devel-2.4.8-lp150.2.6.1 wireshark-ui-qt-2.4.8-lp150.2.6.1 libwireshark9-2.4.8-lp150.2.6.1 as a component of openSUSE Leap 15.0 libwiretap7-2.4.8-lp150.2.6.1 as a component of openSUSE Leap 15.0 libwscodecs1-2.4.8-lp150.2.6.1 as a component of openSUSE Leap 15.0 libwsutil8-2.4.8-lp150.2.6.1 as a component of openSUSE Leap 15.0 wireshark-2.4.8-lp150.2.6.1 as a component of openSUSE Leap 15.0 wireshark-devel-2.4.8-lp150.2.6.1 as a component of openSUSE Leap 15.0 wireshark-ui-qt-2.4.8-lp150.2.6.1 as a component of openSUSE Leap 15.0 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation. CVE-2018-14339 openSUSE Leap 15.0:libwireshark9-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwiretap7-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwscodecs1-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwsutil8-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-devel-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.8-lp150.2.6.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00004.html https://www.suse.com/security/cve/CVE-2018-14339.html CVE-2018-14339 https://bugzilla.suse.com/1101810 SUSE Bug 1101810 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. CVE-2018-14340 openSUSE Leap 15.0:libwireshark9-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwiretap7-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwscodecs1-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwsutil8-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-devel-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.8-lp150.2.6.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00004.html https://www.suse.com/security/cve/CVE-2018-14340.html CVE-2018-14340 https://bugzilla.suse.com/1101804 SUSE Bug 1101804 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. CVE-2018-14341 openSUSE Leap 15.0:libwireshark9-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwiretap7-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwscodecs1-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwsutil8-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-devel-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.8-lp150.2.6.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00004.html https://www.suse.com/security/cve/CVE-2018-14341.html CVE-2018-14341 https://bugzilla.suse.com/1101776 SUSE Bug 1101776 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. CVE-2018-14342 openSUSE Leap 15.0:libwireshark9-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwiretap7-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwscodecs1-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwsutil8-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-devel-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.8-lp150.2.6.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00004.html https://www.suse.com/security/cve/CVE-2018-14342.html CVE-2018-14342 https://bugzilla.suse.com/1101777 SUSE Bug 1101777 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. CVE-2018-14343 openSUSE Leap 15.0:libwireshark9-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwiretap7-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwscodecs1-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwsutil8-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-devel-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.8-lp150.2.6.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00004.html https://www.suse.com/security/cve/CVE-2018-14343.html CVE-2018-14343 https://bugzilla.suse.com/1101786 SUSE Bug 1101786 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read. CVE-2018-14344 openSUSE Leap 15.0:libwireshark9-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwiretap7-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwscodecs1-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwsutil8-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-devel-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.8-lp150.2.6.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00004.html https://www.suse.com/security/cve/CVE-2018-14344.html CVE-2018-14344 https://bugzilla.suse.com/1101788 SUSE Bug 1101788 In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition. CVE-2018-14367 openSUSE Leap 15.0:libwireshark9-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwiretap7-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwscodecs1-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwsutil8-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-devel-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.8-lp150.2.6.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00004.html https://www.suse.com/security/cve/CVE-2018-14367.html CVE-2018-14367 https://bugzilla.suse.com/1101791 SUSE Bug 1101791 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. CVE-2018-14368 openSUSE Leap 15.0:libwireshark9-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwiretap7-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwscodecs1-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwsutil8-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-devel-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.8-lp150.2.6.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00004.html https://www.suse.com/security/cve/CVE-2018-14368.html CVE-2018-14368 https://bugzilla.suse.com/1101794 SUSE Bug 1101794 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression. CVE-2018-14369 openSUSE Leap 15.0:libwireshark9-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwiretap7-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwscodecs1-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwsutil8-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-devel-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.8-lp150.2.6.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00004.html https://www.suse.com/security/cve/CVE-2018-14369.html CVE-2018-14369 https://bugzilla.suse.com/1101800 SUSE Bug 1101800 In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read. CVE-2018-14370 openSUSE Leap 15.0:libwireshark9-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwiretap7-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwscodecs1-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:libwsutil8-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-devel-2.4.8-lp150.2.6.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.8-lp150.2.6.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00004.html https://www.suse.com/security/cve/CVE-2018-14370.html CVE-2018-14370 https://bugzilla.suse.com/1101802 SUSE Bug 1101802