Security update for wireshark

Announcement ID:	SUSE-SU-2016:2453-1
Rating:	moderate
References:	bsc#983671 bsc#991012 bsc#991013 bsc#991015 bsc#991016 bsc#991017 bsc#991018 bsc#991019 bsc#991020
Cross-References:	CVE-2016-5350 CVE-2016-5351 CVE-2016-5352 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 CVE-2016-5359 CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511
CVSS scores:	CVE-2016-5350 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5350 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5351 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5351 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5352 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5352 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5353 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5353 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5354 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5354 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5355 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5355 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5356 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5356 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5357 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5357 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5358 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5358 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5359 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-5359 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-6504 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-6505 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-6506 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-6507 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-6508 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-6509 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-6510 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-6511 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1

An update that solves 18 vulnerabilities can now be installed.

Description:

wireshark was updated to version 1.12.13 to fix the following issues:

CVE-2016-6504: wireshark: NDS dissector crash (bnc#991012)
CVE-2016-6505: wireshark: PacketBB dissector could divide by zero (bnc#991013)
CVE-2016-6506: wireshark: WSP infinite loop (bnc#991015)
CVE-2016-6507: wireshark: MMSE infinite loop (bnc#991016)
CVE-2016-6508: wireshark: RLC long loop (bnc#991017)
CVE-2016-6509: wireshark: LDSS dissector crash (bnc#991018)
CVE-2016-6510: wireshark: RLC dissector crash (bnc#991019)
CVE-2016-6511: wireshark: OpenFlow long loop (bnc991020)
CVE-2016-5350: SPOOLS infinite loop (bsc#983671).
CVE-2016-5351: IEEE 802.11 dissector crash (bsc#983671).
CVE-2016-5352: IEEE 802.11 dissector crash, different from wpna-sec-2016-30 (bsc#983671).
CVE-2016-5353: UMTS FP crash (bsc#983671).
CVE-2016-5354: USB dissector crash (bsc#983671).
CVE-2016-5355: Toshiba file parser crash (bsc#983671).
CVE-2016-5356: CoSine file parser crash (bsc#983671).
CVE-2016-5357: NetScreen file parser crash (bsc#983671).
CVE-2016-5358: Ethernet dissector crash (bsc#983671).
CVE-2016-5359: WBXML infinite loop (bsc#983671).

For more details please see: https://www.wireshark.org/docs/relnotes/wireshark-1.12.12.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.13.html

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Desktop 12 SP1
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1429=1
SUSE Linux Enterprise Software Development Kit 12 SP1
zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1429=1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1429=1
SUSE Linux Enterprise Server 12 SP1
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1429=1

Package List:

SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
- wireshark-debuginfo-1.12.13-31.1
- wireshark-1.12.13-31.1
- wireshark-debugsource-1.12.13-31.1
SUSE Linux Enterprise Software Development Kit 12 SP1 (ppc64le s390x x86_64)
- wireshark-debuginfo-1.12.13-31.1
- wireshark-devel-1.12.13-31.1
- wireshark-debugsource-1.12.13-31.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
- wireshark-debuginfo-1.12.13-31.1
- wireshark-1.12.13-31.1
- wireshark-debugsource-1.12.13-31.1
SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
- wireshark-debuginfo-1.12.13-31.1
- wireshark-1.12.13-31.1
- wireshark-debugsource-1.12.13-31.1

Security update for wireshark

Description:

Patch Instructions:

Package List:

References: