Security update for wireshark

Announcement ID:	SUSE-SU-2017:1664-1
Rating:	moderate
References:	bsc#1042298 bsc#1042299 bsc#1042300 bsc#1042301 bsc#1042302 bsc#1042303 bsc#1042304 bsc#1042305 bsc#1042306 bsc#1042307 bsc#1042308 bsc#1042309
Cross-References:	CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354
CVSS scores:	CVE-2017-9343 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9343 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9344 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9344 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9345 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9345 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9346 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9346 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9347 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9347 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9348 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9348 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9349 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9349 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9350 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9350 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9351 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9351 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9352 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9352 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9353 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9353 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9354 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9354 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SLES for SAP Applications 11-SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4

An update that solves 12 vulnerabilities can now be installed.

Description:

The network analysis tool wireshark was updated to version 2.0.13 to fix the following issues:

CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22) (bsc#1042304)
CVE-2017-9348: DOF dissector read overflow (wnpa-sec-2017-23) (bsc#1042303)
CVE-2017-9351: DHCP dissector read overflow (wnpa-sec-2017-24) (bsc#1042302)
CVE-2017-9346: SoulSeek dissector infinite loop (wnpa-sec-2017-25) (bsc#1042301)
CVE-2017-9345: DNS dissector infinite loop (wnpa-sec-2017-26) (bsc#1042300)
CVE-2017-9349: DICOM dissector infinite loop (wnpa-sec-2017-27) (bsc#1042305)
CVE-2017-9350: openSAFETY dissector memory exh.. (wnpa-sec-2017-28) (bsc#1042299)
CVE-2017-9344: BT L2CAP dissector divide by zero (wnpa-sec-2017-29) (bsc#1042298)
CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30) (bsc#1042309)
CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31) (bsc#1042308)
CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32) (bsc#1042307)
CVE-2017-9353: wireshark: IPv6 dissector crash (wnpa-sec-2017-33) (bsc#1042306)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Software Development Kit 11 SP4
zypper in -t patch sdksp4-wireshark-13170=1
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch slessp4-wireshark-13170=1
SLES for SAP Applications 11-SP4
zypper in -t patch slessp4-wireshark-13170=1

Package List:

SUSE Linux Enterprise Software Development Kit 11 SP4 (x86_64 i586)
- wireshark-2.0.13-39.1
- wireshark-gtk-2.0.13-39.1
SUSE Linux Enterprise Software Development Kit 11 SP4 (s390x x86_64 i586 ppc64 ia64)
- wireshark-devel-2.0.13-39.1
SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
- wireshark-2.0.13-39.1
- wireshark-gtk-2.0.13-39.1
SLES for SAP Applications 11-SP4 (ppc64 x86_64)
- wireshark-2.0.13-39.1
- wireshark-gtk-2.0.13-39.1

Security update for wireshark

Description:

Patch Instructions:

Package List:

References: