Security update for wireshark

Announcement ID: SUSE-SU-2015:1713-1
Rating: moderate
References:
Cross-References:
CVSS scores:
Affected Products:
  • SUSE Linux Enterprise Desktop 12
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server for SAP Applications 12
  • SUSE Linux Enterprise Software Development Kit 12

An update that solves 10 vulnerabilities can now be installed.

Description:

Wireshark has been updated to 1.12.7. (FATE#319388)

The following vulnerabilities have been fixed: * Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241 * Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242 * Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 CVE-2015-6243 * The ZigBee dissector could crash. wnpa-sec-2015-24 CVE-2015-6244 * The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 CVE-2015-6245 * The WaveAgent dissector could crash. wnpa-sec-2015-26 CVE-2015-6246 * The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 CVE-2015-6247 * Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 CVE-2015-6248 * The WCCP dissector could crash. wnpa-sec-2015-29 CVE-2015-6249 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html

Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 12
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-661=1
  • SUSE Linux Enterprise Software Development Kit 12
    zypper in -t patch SUSE-SLE-SDK-12-2015-661=1
  • SUSE Linux Enterprise Server 12
    zypper in -t patch SUSE-SLE-SERVER-12-2015-661=1
  • SUSE Linux Enterprise Server for SAP Applications 12
    zypper in -t patch SUSE-SLE-SERVER-12-2015-661=1

Package List:

  • SUSE Linux Enterprise Desktop 12 (x86_64)
    • wireshark-debugsource-1.12.7-15.1
    • wireshark-debuginfo-1.12.7-15.1
    • wireshark-1.12.7-15.1
  • SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
    • wireshark-debugsource-1.12.7-15.1
    • wireshark-debuginfo-1.12.7-15.1
    • wireshark-devel-1.12.7-15.1
  • SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
    • wireshark-debugsource-1.12.7-15.1
    • wireshark-debuginfo-1.12.7-15.1
    • wireshark-1.12.7-15.1
  • SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
    • wireshark-debugsource-1.12.7-15.1
    • wireshark-debuginfo-1.12.7-15.1
    • wireshark-1.12.7-15.1

References: