SUSE-SU-2018:0054-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:0054-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2018:0054-1
- Related
- Published
- 2018-01-09T15:42:20Z
- Modified
- 2018-01-09T15:42:20Z
- Summary
- Security update for wireshark
- Details
-
This update for wireshark to version 2.2.11 fixes several issues.
These security issues were fixed:
- CVE-2017-13767: The MSDP dissector could have gone into an infinite loop. This was addressed by adding length validation (bsc#1056248)
- CVE-2017-13766: The Profinet I/O dissector could have crash with an out-of-bounds write. This was addressed by adding string validation (bsc#1056249)
- CVE-2017-13765: The IrCOMM dissector had a buffer over-read and application crash. This was addressed by adding length validation (bsc#1056251)
- CVE-2017-9766: PROFINET IO data with a high recursion depth allowed remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function (bsc#1045341)
- CVE-2017-9617: Deeply nested DAAP data may have cause stack exhaustion (uncontrolled recursion) in the dissectdaapone_tag function in the DAAP dissector (bsc#1044417)
- CVE-2017-15192: The BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. (bsc#1062645)
- CVE-2017-15193: The MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. (bsc#1062645)
- CVE-2017-15191: The DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. (bsc#1062645)
- CVE-2017-17083: NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. (bsc#1070727)
- CVE-2017-17084: IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. (bsc#1070727)
- CVE-2017-17085: the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. (bsc#1070727)
- References
-
- https://www.suse.com/support/update/announcement/2018/suse-su-20180054-1/
- https://bugzilla.suse.com/1044417
- https://bugzilla.suse.com/1045341
- https://bugzilla.suse.com/1056248
- https://bugzilla.suse.com/1056249
- https://bugzilla.suse.com/1056251
- https://bugzilla.suse.com/1062645
- https://bugzilla.suse.com/1070727
- https://www.suse.com/security/cve/CVE-2017-13765
- https://www.suse.com/security/cve/CVE-2017-13766
- https://www.suse.com/security/cve/CVE-2017-13767
- https://www.suse.com/security/cve/CVE-2017-15191
- https://www.suse.com/security/cve/CVE-2017-15192
- https://www.suse.com/security/cve/CVE-2017-15193
- https://www.suse.com/security/cve/CVE-2017-17083
- https://www.suse.com/security/cve/CVE-2017-17084
- https://www.suse.com/security/cve/CVE-2017-17085
- https://www.suse.com/security/cve/CVE-2017-9617
- https://www.suse.com/security/cve/CVE-2017-9766
Affected packages
SUSE:Linux Enterprise Software Development Kit 11 SP4 / libsmi
Package
- Name
- libsmi
- Purl
- purl:rpm/suse/libsmi&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.4.5-2.7.2.1
Ecosystem specific
{
"binaries": [
{
"wireshark": "2.2.11-40.14.5",
"libsmi": "0.4.5-2.7.2.1",
"portaudio-devel": "19-234.18.1",
"libwiretap6": "2.2.11-40.14.5",
"portaudio": "19-234.18.1",
"wireshark-devel": "2.2.11-40.14.5",
"libwscodecs1": "2.2.11-40.14.5",
"wireshark-gtk": "2.2.11-40.14.5",
"libwsutil7": "2.2.11-40.14.5",
"libwireshark8": "2.2.11-40.14.5"
}
]
}
SUSE:Linux Enterprise Software Development Kit 11 SP4 / portaudio
Package
- Name
- portaudio
- Purl
- purl:rpm/suse/portaudio&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed19-234.18.1
Ecosystem specific
{
"binaries": [
{
"wireshark": "2.2.11-40.14.5",
"libsmi": "0.4.5-2.7.2.1",
"portaudio-devel": "19-234.18.1",
"libwiretap6": "2.2.11-40.14.5",
"portaudio": "19-234.18.1",
"wireshark-devel": "2.2.11-40.14.5",
"libwscodecs1": "2.2.11-40.14.5",
"wireshark-gtk": "2.2.11-40.14.5",
"libwsutil7": "2.2.11-40.14.5",
"libwireshark8": "2.2.11-40.14.5"
}
]
}
SUSE:Linux Enterprise Software Development Kit 11 SP4 / wireshark
Package
- Name
- wireshark
- Purl
- purl:rpm/suse/wireshark&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.11-40.14.5
Ecosystem specific
{
"binaries": [
{
"wireshark": "2.2.11-40.14.5",
"libsmi": "0.4.5-2.7.2.1",
"portaudio-devel": "19-234.18.1",
"libwiretap6": "2.2.11-40.14.5",
"portaudio": "19-234.18.1",
"wireshark-devel": "2.2.11-40.14.5",
"libwscodecs1": "2.2.11-40.14.5",
"wireshark-gtk": "2.2.11-40.14.5",
"libwsutil7": "2.2.11-40.14.5",
"libwireshark8": "2.2.11-40.14.5"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 / libsmi
Package
- Name
- libsmi
- Purl
- purl:rpm/suse/libsmi&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
SUSE:Linux Enterprise Server 11 SP4 / portaudio
Package
- Name
- portaudio
- Purl
- purl:rpm/suse/portaudio&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
SUSE:Linux Enterprise Server 11 SP4 / wireshark
Package
- Name
- wireshark
- Purl
- purl:rpm/suse/wireshark&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
SUSE:Linux Enterprise Server for SAP Applications 11 SP4 / libsmi
Package
- Name
- libsmi
- Purl
- purl:rpm/suse/libsmi&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
SUSE:Linux Enterprise Server for SAP Applications 11 SP4 / portaudio
Package
- Name
- portaudio
- Purl
- purl:rpm/suse/portaudio&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4