Security update for wireshark SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:2107-1 Final 1 1 2020-11-29T11:30:29Z current 2020-11-29T11:30:29Z 2020-11-29T11:30:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark fixes the following issues: - wireshark was updated to 3.2.8: - CVE-2020-26575: Fixed an issue where FBZERO dissector was entering in infinite loop (bsc#1177406) - CVE-2020-28030: Fixed an issue where GQUIC dissector was crashing (bsc#1178291) * Infinite memory allocation while parsing this tcp packet This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-2107 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7DRKIYJDZYHG7KXDJ3T5Y3UU4KEC2QGD/ E-Mail link for openSUSE-SU-2020:2107-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1177406 SUSE Bug 1177406 https://bugzilla.suse.com/1178291 SUSE Bug 1178291 https://www.suse.com/security/cve/CVE-2020-26575/ SUSE CVE CVE-2020-26575 page https://www.suse.com/security/cve/CVE-2020-28030/ SUSE CVE CVE-2020-28030 page openSUSE Leap 15.1 libwireshark13-3.2.8-lp151.2.18.1 libwiretap10-3.2.8-lp151.2.18.1 libwsutil11-3.2.8-lp151.2.18.1 wireshark-3.2.8-lp151.2.18.1 wireshark-devel-3.2.8-lp151.2.18.1 wireshark-ui-qt-3.2.8-lp151.2.18.1 libwireshark13-3.2.8-lp151.2.18.1 as a component of openSUSE Leap 15.1 libwiretap10-3.2.8-lp151.2.18.1 as a component of openSUSE Leap 15.1 libwsutil11-3.2.8-lp151.2.18.1 as a component of openSUSE Leap 15.1 wireshark-3.2.8-lp151.2.18.1 as a component of openSUSE Leap 15.1 wireshark-devel-3.2.8-lp151.2.18.1 as a component of openSUSE Leap 15.1 wireshark-ui-qt-3.2.8-lp151.2.18.1 as a component of openSUSE Leap 15.1 In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. CVE-2020-26575 openSUSE Leap 15.1:libwireshark13-3.2.8-lp151.2.18.1 openSUSE Leap 15.1:libwiretap10-3.2.8-lp151.2.18.1 openSUSE Leap 15.1:libwsutil11-3.2.8-lp151.2.18.1 openSUSE Leap 15.1:wireshark-3.2.8-lp151.2.18.1 openSUSE Leap 15.1:wireshark-devel-3.2.8-lp151.2.18.1 openSUSE Leap 15.1:wireshark-ui-qt-3.2.8-lp151.2.18.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7DRKIYJDZYHG7KXDJ3T5Y3UU4KEC2QGD/ https://www.suse.com/security/cve/CVE-2020-26575.html CVE-2020-26575 https://bugzilla.suse.com/1177406 SUSE Bug 1177406 https://bugzilla.suse.com/1178290 SUSE Bug 1178290 In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. CVE-2020-28030 openSUSE Leap 15.1:libwireshark13-3.2.8-lp151.2.18.1 openSUSE Leap 15.1:libwiretap10-3.2.8-lp151.2.18.1 openSUSE Leap 15.1:libwsutil11-3.2.8-lp151.2.18.1 openSUSE Leap 15.1:wireshark-3.2.8-lp151.2.18.1 openSUSE Leap 15.1:wireshark-devel-3.2.8-lp151.2.18.1 openSUSE Leap 15.1:wireshark-ui-qt-3.2.8-lp151.2.18.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7DRKIYJDZYHG7KXDJ3T5Y3UU4KEC2QGD/ https://www.suse.com/security/cve/CVE-2020-28030.html CVE-2020-28030 https://bugzilla.suse.com/1178291 SUSE Bug 1178291