Security update for wireshark

Announcement ID: SUSE-SU-2017:1174-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2016-7175 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-7176 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-7177 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-7178 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-7179 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-7180 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-9373 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-9374 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-9375 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-9376 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-5596 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-5597 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-6014 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7700 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7700 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-7701 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7701 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7702 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7702 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7703 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7703 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7704 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7704 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7705 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7705 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7745 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7745 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7746 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7746 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7747 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7747 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7748 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7748 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • Magnum Orchestration 7
  • SUSE Linux Enterprise Desktop 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2
  • SUSE Linux Enterprise Software Development Kit 12 12-SP2

An update that solves 23 vulnerabilities and has two security fixes can now be installed.

Description:

Wireshark was updated to version 2.0.12, which brings several new features, enhancements and bug fixes.

These security issues were fixed:

  • CVE-2017-7700: In Wireshark the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size (bsc#1033936).
  • CVE-2017-7701: In Wireshark the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type (bsc#1033937).
  • CVE-2017-7702: In Wireshark the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation (bsc#1033938).
  • CVE-2017-7703: In Wireshark the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly (bsc#1033939).
  • CVE-2017-7704: In Wireshark the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value (bsc#1033940).
  • CVE-2017-7705: In Wireshark the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset (bsc#1033941).
  • CVE-2017-7745: In Wireshark the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check (bsc#1033942).
  • CVE-2017-7746: In Wireshark the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length (bsc#1033943).
  • CVE-2017-7747: In Wireshark the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree (bsc#1033944).
  • CVE-2017-7748: In Wireshark the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check (bsc#1033945).
  • CVE-2016-7179: Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#998963).
  • CVE-2016-9376: In Wireshark the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large (bsc#1010735).
  • CVE-2016-9375: In Wireshark the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful (bsc#1010740).
  • CVE-2016-9374: In Wireshark the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable (bsc#1010752).
  • CVE-2016-9373: In Wireshark the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings (bsc#1010754).
  • CVE-2016-7175: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark mishandled MAC address data, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet (bsc#998761).
  • CVE-2016-7176: epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark called snprintf with one of its input buffers as the output buffer, which allowed remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet (bsc#998762).
  • CVE-2016-7177: epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark did not restrict the number of channels, which allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet (bsc#998763).
  • CVE-2016-7180: epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark did not properly consider whether a string is constant, which allowed remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet (bsc#998800).
  • CVE-2016-7178: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark did not ensure that memory is allocated for certain data structures, which allowed remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet (bsc#998964).
  • CVE-2017-6014: In Wireshark a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory (bsc#1025913).
  • CVE-2017-5596: In Wireshark the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow (bsc#1021739).
  • CVE-2017-5597: In Wireshark the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow (bsc#1021739).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Magnum Orchestration 7
    zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1174=1
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2
    zypper in -t patch SUSE-SLE-BSK-12-SP2-2017-1174=1
  • SUSE Linux Enterprise Desktop 12 SP2
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1174=1
  • SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1174=1
  • SUSE Linux Enterprise Software Development Kit 12 12-SP2
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1174=1
  • SUSE Linux Enterprise High Performance Computing 12 SP2
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1174=1
  • SUSE Linux Enterprise Server 12 SP2
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1174=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1174=1

Package List:

  • Magnum Orchestration 7 (x86_64)
    • systemd-228-150.7.1
    • udev-228-150.7.1
    • libudev1-debuginfo-228-150.7.1
    • systemd-sysvinit-228-150.7.1
    • libsystemd0-debuginfo-228-150.7.1
    • systemd-debugsource-228-150.7.1
    • dracut-044.1-109.8.3
    • systemd-debuginfo-228-150.7.1
    • libsystemd0-228-150.7.1
    • libudev1-228-150.7.1
    • udev-debuginfo-228-150.7.1
    • dracut-debugsource-044.1-109.8.3
    • dracut-debuginfo-044.1-109.8.3
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2 (ppc64le s390x x86_64)
    • libudev-mini-devel-228-150.7.1
    • systemd-mini-debugsource-228-150.7.1
    • udev-mini-debuginfo-228-150.7.1
    • libudev-mini1-debuginfo-228-150.7.1
    • systemd-mini-devel-228-150.7.1
    • libudev-mini1-228-150.7.1
    • systemd-mini-228-150.7.1
    • systemd-mini-debuginfo-228-150.7.1
    • udev-mini-228-150.7.1
  • SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
    • systemd-228-150.7.1
    • udev-228-150.7.1
    • libudev1-debuginfo-228-150.7.1
    • systemd-sysvinit-228-150.7.1
    • libsystemd0-debuginfo-228-150.7.1
    • systemd-debugsource-228-150.7.1
    • libudev1-debuginfo-32bit-228-150.7.1
    • systemd-32bit-228-150.7.1
    • systemd-debuginfo-32bit-228-150.7.1
    • dracut-044.1-109.8.3
    • libudev1-32bit-228-150.7.1
    • systemd-debuginfo-228-150.7.1
    • libsystemd0-228-150.7.1
    • libsystemd0-debuginfo-32bit-228-150.7.1
    • libudev1-228-150.7.1
    • udev-debuginfo-228-150.7.1
    • libsystemd0-32bit-228-150.7.1
    • dracut-debugsource-044.1-109.8.3
    • dracut-debuginfo-044.1-109.8.3
  • SUSE Linux Enterprise Desktop 12 SP2 (noarch)
    • systemd-bash-completion-228-150.7.1
  • SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64)
    • systemd-228-150.7.1
    • udev-228-150.7.1
    • libudev1-debuginfo-228-150.7.1
    • dracut-fips-044.1-109.8.3
    • libsystemd0-debuginfo-228-150.7.1
    • systemd-sysvinit-228-150.7.1
    • systemd-debugsource-228-150.7.1
    • dracut-044.1-109.8.3
    • systemd-debuginfo-228-150.7.1
    • libsystemd0-228-150.7.1
    • libudev1-228-150.7.1
    • udev-debuginfo-228-150.7.1
    • dracut-debugsource-044.1-109.8.3
    • dracut-debuginfo-044.1-109.8.3
  • SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (noarch)
    • systemd-bash-completion-228-150.7.1
  • SUSE Linux Enterprise Software Development Kit 12 12-SP2 (aarch64 ppc64le s390x x86_64)
    • systemd-debugsource-228-150.7.1
    • libudev-devel-228-150.7.1
    • systemd-debuginfo-228-150.7.1
    • systemd-devel-228-150.7.1
  • SUSE Linux Enterprise High Performance Computing 12 SP2 (noarch)
    • systemd-bash-completion-228-150.7.1
  • SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 x86_64)
    • systemd-228-150.7.1
    • udev-228-150.7.1
    • libudev1-debuginfo-228-150.7.1
    • dracut-fips-044.1-109.8.3
    • libsystemd0-debuginfo-228-150.7.1
    • systemd-debugsource-228-150.7.1
    • systemd-sysvinit-228-150.7.1
    • dracut-044.1-109.8.3
    • systemd-debuginfo-228-150.7.1
    • libsystemd0-228-150.7.1
    • libudev1-228-150.7.1
    • udev-debuginfo-228-150.7.1
    • dracut-debugsource-044.1-109.8.3
    • dracut-debuginfo-044.1-109.8.3
  • SUSE Linux Enterprise High Performance Computing 12 SP2 (x86_64)
    • libudev1-debuginfo-32bit-228-150.7.1
    • systemd-32bit-228-150.7.1
    • systemd-debuginfo-32bit-228-150.7.1
    • libudev1-32bit-228-150.7.1
    • libsystemd0-32bit-228-150.7.1
    • libsystemd0-debuginfo-32bit-228-150.7.1
  • SUSE Linux Enterprise Server 12 SP2 (noarch)
    • systemd-bash-completion-228-150.7.1
  • SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64)
    • systemd-228-150.7.1
    • udev-228-150.7.1
    • libudev1-debuginfo-228-150.7.1
    • dracut-fips-044.1-109.8.3
    • libsystemd0-debuginfo-228-150.7.1
    • systemd-debugsource-228-150.7.1
    • systemd-sysvinit-228-150.7.1
    • dracut-044.1-109.8.3
    • systemd-debuginfo-228-150.7.1
    • libsystemd0-228-150.7.1
    • libudev1-228-150.7.1
    • udev-debuginfo-228-150.7.1
    • dracut-debugsource-044.1-109.8.3
    • dracut-debuginfo-044.1-109.8.3
  • SUSE Linux Enterprise Server 12 SP2 (s390x x86_64)
    • libudev1-debuginfo-32bit-228-150.7.1
    • systemd-32bit-228-150.7.1
    • systemd-debuginfo-32bit-228-150.7.1
    • libudev1-32bit-228-150.7.1
    • libsystemd0-32bit-228-150.7.1
    • libsystemd0-debuginfo-32bit-228-150.7.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 (noarch)
    • systemd-bash-completion-228-150.7.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
    • systemd-228-150.7.1
    • udev-228-150.7.1
    • systemd-sysvinit-228-150.7.1
    • dracut-fips-044.1-109.8.3
    • systemd-debugsource-228-150.7.1
    • libsystemd0-debuginfo-228-150.7.1
    • libudev1-debuginfo-228-150.7.1
    • dracut-044.1-109.8.3
    • systemd-debuginfo-228-150.7.1
    • libsystemd0-228-150.7.1
    • libudev1-228-150.7.1
    • udev-debuginfo-228-150.7.1
    • dracut-debugsource-044.1-109.8.3
    • dracut-debuginfo-044.1-109.8.3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 (x86_64)
    • libudev1-debuginfo-32bit-228-150.7.1
    • systemd-32bit-228-150.7.1
    • systemd-debuginfo-32bit-228-150.7.1
    • libudev1-32bit-228-150.7.1
    • libsystemd0-32bit-228-150.7.1
    • libsystemd0-debuginfo-32bit-228-150.7.1

References: