Security update for Wireshark
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2017:0364-1
Final
1
1
2017-02-02T14:33:49Z
current
2017-02-02T14:33:49Z
2017-02-02T14:33:49Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for Wireshark
This update to Wireshark 2.2.4 fixes two minor vulnerabilities that could be used to
cause Wireshark to go into a large or infinite loop by sending specially crafted
packages over the network or into a capture file. (bsc#1021739)
- CVE-2017-5596: The ASTERIX dissector could go into an infinite loop (wnpa-sec-2017-01)
- CVE-2017-5597: The DHCPv6 dissector could go into a large loop (wnpa-sec-2017-02)
- Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-2.2.4.html
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-updates/2017-02/msg00010.html
E-Mail link for openSUSE-SU-2017:0364-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE Leap 42.2
wireshark-2.2.4-7.1
wireshark-devel-2.2.4-7.1
wireshark-ui-gtk-2.2.4-7.1
wireshark-ui-qt-2.2.4-7.1
wireshark-2.2.4-7.1 as a component of openSUSE Leap 42.2
wireshark-devel-2.2.4-7.1 as a component of openSUSE Leap 42.2
wireshark-ui-gtk-2.2.4-7.1 as a component of openSUSE Leap 42.2
wireshark-ui-qt-2.2.4-7.1 as a component of openSUSE Leap 42.2
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow.
CVE-2017-5596
openSUSE Leap 42.2:wireshark-2.2.4-7.1
openSUSE Leap 42.2:wireshark-devel-2.2.4-7.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.4-7.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.4-7.1
moderate
4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2017-02/msg00010.html
https://www.suse.com/security/cve/CVE-2017-5596.html
CVE-2017-5596
https://bugzilla.suse.com/1021739
SUSE Bug 1021739
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow.
CVE-2017-5597
openSUSE Leap 42.2:wireshark-2.2.4-7.1
openSUSE Leap 42.2:wireshark-devel-2.2.4-7.1
openSUSE Leap 42.2:wireshark-ui-gtk-2.2.4-7.1
openSUSE Leap 42.2:wireshark-ui-qt-2.2.4-7.1
moderate
4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2017-02/msg00010.html
https://www.suse.com/security/cve/CVE-2017-5597.html
CVE-2017-5597
https://bugzilla.suse.com/1021739
SUSE Bug 1021739