Security update for wireshark

Announcement ID:	SUSE-SU-2017:1663-1
Rating:	moderate
References:	bsc#1042298 bsc#1042299 bsc#1042300 bsc#1042301 bsc#1042302 bsc#1042303 bsc#1042304 bsc#1042305 bsc#1042306 bsc#1042307 bsc#1042308 bsc#1042309
Cross-References:	CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354
CVSS scores:	CVE-2017-9343 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9343 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9344 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9344 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9345 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9345 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9346 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9346 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9347 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9347 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9348 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9348 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9349 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9349 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9350 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9350 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9351 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9351 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9352 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9352 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9353 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9353 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9354 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9354 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 SUSE Linux Enterprise Software Development Kit 12 12-SP2

An update that solves 12 vulnerabilities can now be installed.

Description:

The network debugging tool wireshark was updated to version 2.2.7 to fix the following issues:

• CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22) (bsc#1042304)
• CVE-2017-9348: DOF dissector read overflow (wnpa-sec-2017-23) (bsc#1042303)
• CVE-2017-9351: DHCP dissector read overflow (wnpa-sec-2017-24) (bsc#1042302)
• CVE-2017-9346: SoulSeek dissector infinite loop (wnpa-sec-2017-25) (bsc#1042301)
• CVE-2017-9345: DNS dissector infinite loop (wnpa-sec-2017-26) (bsc#1042300)
• CVE-2017-9349: DICOM dissector infinite loop (wnpa-sec-2017-27) (bsc#1042305)
• CVE-2017-9350: openSAFETY dissector memory exh.. (wnpa-sec-2017-28) (bsc#1042299)
• CVE-2017-9344: BT L2CAP dissector divide by zero (wnpa-sec-2017-29) (bsc#1042298)
• CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30) (bsc#1042309)
• CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31) (bsc#1042308)
• CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32) (bsc#1042307)
• CVE-2017-9353: wireshark: IPv6 dissector crash (wnpa-sec-2017-33) (bsc#1042306)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP2
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1031=1
• SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1031=1
• SUSE Linux Enterprise Software Development Kit 12 12-SP2
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1031=1
• SUSE Linux Enterprise High Performance Computing 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1031=1
• SUSE Linux Enterprise Server 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1031=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1031=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
  • libwsutil7-2.2.7-47.1
  • libwiretap6-debuginfo-2.2.7-47.1
  • libwireshark8-debuginfo-2.2.7-47.1
  • wireshark-gtk-2.2.7-47.1
  • wireshark-debuginfo-2.2.7-47.1
  • libwscodecs1-2.2.7-47.1
  • libwireshark8-2.2.7-47.1
  • wireshark-debugsource-2.2.7-47.1
  • wireshark-gtk-debuginfo-2.2.7-47.1
  • libwsutil7-debuginfo-2.2.7-47.1
  • libwscodecs1-debuginfo-2.2.7-47.1
  • wireshark-2.2.7-47.1
  • libwiretap6-2.2.7-47.1
• SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64)
  • libwsutil7-2.2.7-47.1
  • libwiretap6-debuginfo-2.2.7-47.1
  • libwireshark8-debuginfo-2.2.7-47.1
  • wireshark-gtk-2.2.7-47.1
  • wireshark-debuginfo-2.2.7-47.1
  • libwscodecs1-2.2.7-47.1
  • libwireshark8-2.2.7-47.1
  • wireshark-debugsource-2.2.7-47.1
  • wireshark-gtk-debuginfo-2.2.7-47.1
  • libwsutil7-debuginfo-2.2.7-47.1
  • libwscodecs1-debuginfo-2.2.7-47.1
  • wireshark-2.2.7-47.1
  • libwiretap6-2.2.7-47.1
• SUSE Linux Enterprise Software Development Kit 12 12-SP2 (aarch64 ppc64le s390x x86_64)
  • wireshark-debuginfo-2.2.7-47.1
  • wireshark-debugsource-2.2.7-47.1
  • wireshark-devel-2.2.7-47.1
• SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 x86_64)
  • libwsutil7-2.2.7-47.1
  • libwiretap6-debuginfo-2.2.7-47.1
  • libwireshark8-debuginfo-2.2.7-47.1
  • wireshark-gtk-2.2.7-47.1
  • wireshark-debuginfo-2.2.7-47.1
  • libwscodecs1-2.2.7-47.1
  • libwireshark8-2.2.7-47.1
  • wireshark-debugsource-2.2.7-47.1
  • wireshark-gtk-debuginfo-2.2.7-47.1
  • libwsutil7-debuginfo-2.2.7-47.1
  • libwscodecs1-debuginfo-2.2.7-47.1
  • wireshark-2.2.7-47.1
  • libwiretap6-2.2.7-47.1
• SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64)
  • libwsutil7-2.2.7-47.1
  • libwiretap6-debuginfo-2.2.7-47.1
  • libwireshark8-debuginfo-2.2.7-47.1
  • wireshark-gtk-2.2.7-47.1
  • wireshark-debuginfo-2.2.7-47.1
  • libwscodecs1-2.2.7-47.1
  • libwireshark8-2.2.7-47.1
  • wireshark-debugsource-2.2.7-47.1
  • wireshark-gtk-debuginfo-2.2.7-47.1
  • libwsutil7-debuginfo-2.2.7-47.1
  • libwscodecs1-debuginfo-2.2.7-47.1
  • wireshark-2.2.7-47.1
  • libwiretap6-2.2.7-47.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
  • libwsutil7-2.2.7-47.1
  • libwiretap6-debuginfo-2.2.7-47.1
  • libwireshark8-debuginfo-2.2.7-47.1
  • wireshark-gtk-2.2.7-47.1
  • wireshark-debuginfo-2.2.7-47.1
  • libwscodecs1-2.2.7-47.1
  • libwireshark8-2.2.7-47.1
  • wireshark-debugsource-2.2.7-47.1
  • wireshark-gtk-debuginfo-2.2.7-47.1
  • libwsutil7-debuginfo-2.2.7-47.1
  • libwscodecs1-debuginfo-2.2.7-47.1
  • wireshark-2.2.7-47.1
  • libwiretap6-2.2.7-47.1

References:

• https://www.suse.com/security/cve/CVE-2017-9343.html
• https://www.suse.com/security/cve/CVE-2017-9344.html
• https://www.suse.com/security/cve/CVE-2017-9345.html
• https://www.suse.com/security/cve/CVE-2017-9346.html
• https://www.suse.com/security/cve/CVE-2017-9347.html
• https://www.suse.com/security/cve/CVE-2017-9348.html
• https://www.suse.com/security/cve/CVE-2017-9349.html
• https://www.suse.com/security/cve/CVE-2017-9350.html
• https://www.suse.com/security/cve/CVE-2017-9351.html
• https://www.suse.com/security/cve/CVE-2017-9352.html
• https://www.suse.com/security/cve/CVE-2017-9353.html
• https://www.suse.com/security/cve/CVE-2017-9354.html
• https://bugzilla.suse.com/show_bug.cgi?id=1042298
• https://bugzilla.suse.com/show_bug.cgi?id=1042299
• https://bugzilla.suse.com/show_bug.cgi?id=1042300
• https://bugzilla.suse.com/show_bug.cgi?id=1042301
• https://bugzilla.suse.com/show_bug.cgi?id=1042302
• https://bugzilla.suse.com/show_bug.cgi?id=1042303
• https://bugzilla.suse.com/show_bug.cgi?id=1042304
• https://bugzilla.suse.com/show_bug.cgi?id=1042305
• https://bugzilla.suse.com/show_bug.cgi?id=1042306
• https://bugzilla.suse.com/show_bug.cgi?id=1042307
• https://bugzilla.suse.com/show_bug.cgi?id=1042308
• https://bugzilla.suse.com/show_bug.cgi?id=1042309