Security update for wireshark SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1965-1 Final 1 1 2019-08-20T10:57:10Z current 2019-08-20T10:57:10Z 2019-08-20T10:57:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark to version 2.4.16 fixes the following issues: Security issue fixed: - CVE-2019-13619: ASN.1 BER and related dissectors crash (bsc#1141980). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1965 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00068.html E-Mail link for openSUSE-SU-2019:1965-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1141980 SUSE Bug 1141980 https://www.suse.com/security/cve/CVE-2019-13619/ SUSE CVE CVE-2019-13619 page openSUSE Leap 15.0 openSUSE Leap 15.1 libwireshark9-2.4.16-lp151.2.6.1 libwiretap7-2.4.16-lp151.2.6.1 libwscodecs1-2.4.16-lp151.2.6.1 libwsutil8-2.4.16-lp151.2.6.1 wireshark-2.4.16-lp151.2.6.1 wireshark-devel-2.4.16-lp151.2.6.1 wireshark-ui-qt-2.4.16-lp151.2.6.1 libwireshark9-2.4.16-lp151.2.6.1 as a component of openSUSE Leap 15.0 libwiretap7-2.4.16-lp151.2.6.1 as a component of openSUSE Leap 15.0 libwscodecs1-2.4.16-lp151.2.6.1 as a component of openSUSE Leap 15.0 libwsutil8-2.4.16-lp151.2.6.1 as a component of openSUSE Leap 15.0 wireshark-2.4.16-lp151.2.6.1 as a component of openSUSE Leap 15.0 wireshark-devel-2.4.16-lp151.2.6.1 as a component of openSUSE Leap 15.0 wireshark-ui-qt-2.4.16-lp151.2.6.1 as a component of openSUSE Leap 15.0 libwireshark9-2.4.16-lp151.2.6.1 as a component of openSUSE Leap 15.1 libwiretap7-2.4.16-lp151.2.6.1 as a component of openSUSE Leap 15.1 libwscodecs1-2.4.16-lp151.2.6.1 as a component of openSUSE Leap 15.1 libwsutil8-2.4.16-lp151.2.6.1 as a component of openSUSE Leap 15.1 wireshark-2.4.16-lp151.2.6.1 as a component of openSUSE Leap 15.1 wireshark-devel-2.4.16-lp151.2.6.1 as a component of openSUSE Leap 15.1 wireshark-ui-qt-2.4.16-lp151.2.6.1 as a component of openSUSE Leap 15.1 In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. CVE-2019-13619 openSUSE Leap 15.0:libwireshark9-2.4.16-lp151.2.6.1 openSUSE Leap 15.0:libwiretap7-2.4.16-lp151.2.6.1 openSUSE Leap 15.0:libwscodecs1-2.4.16-lp151.2.6.1 openSUSE Leap 15.0:libwsutil8-2.4.16-lp151.2.6.1 openSUSE Leap 15.0:wireshark-2.4.16-lp151.2.6.1 openSUSE Leap 15.0:wireshark-devel-2.4.16-lp151.2.6.1 openSUSE Leap 15.0:wireshark-ui-qt-2.4.16-lp151.2.6.1 openSUSE Leap 15.1:libwireshark9-2.4.16-lp151.2.6.1 openSUSE Leap 15.1:libwiretap7-2.4.16-lp151.2.6.1 openSUSE Leap 15.1:libwscodecs1-2.4.16-lp151.2.6.1 openSUSE Leap 15.1:libwsutil8-2.4.16-lp151.2.6.1 openSUSE Leap 15.1:wireshark-2.4.16-lp151.2.6.1 openSUSE Leap 15.1:wireshark-devel-2.4.16-lp151.2.6.1 openSUSE Leap 15.1:wireshark-ui-qt-2.4.16-lp151.2.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00068.html https://www.suse.com/security/cve/CVE-2019-13619.html CVE-2019-13619 https://bugzilla.suse.com/1141980 SUSE Bug 1141980