SUSE-SU-2018:1988-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1988-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:1988-1
Related
Published
2018-07-19T07:32:17Z
Modified
2018-07-19T07:32:17Z
Summary
Security update for wireshark
Details

This update for wireshark fixes vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files (bsc#1094301).

This includes:

  • CVE-2018-11356: DNS dissector crash
  • CVE-2018-11357: Multiple dissectors could consume excessive memory
  • CVE-2018-11358: Q.931 dissector crash
  • CVE-2018-11359: The RRC dissector and other dissectors could crash
  • CVE-2018-11360: GSM A DTAP dissector crash
  • CVE-2018-11362: LDSS dissector crash
References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 / wireshark

Package

Name
wireshark
Purl
purl:rpm/suse/wireshark&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.7-3.3.4

Ecosystem specific 

{
    "binaries": [
        {
            "libwireshark9": "2.4.7-3.3.4",
            "libwscodecs1": "2.4.7-3.3.4",
            "wireshark": "2.4.7-3.3.4",
            "libwiretap7": "2.4.7-3.3.4",
            "libwsutil8": "2.4.7-3.3.4"
        }
    ]
}

SUSE:Linux Enterprise Module for Desktop Applications 15 / wireshark

Package

Name
wireshark
Purl
purl:rpm/suse/wireshark&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.7-3.3.4

Ecosystem specific 

{
    "binaries": [
        {
            "wireshark-devel": "2.4.7-3.3.4",
            "wireshark-ui-qt": "2.4.7-3.3.4"
        }
    ]
}