Security update for wireshark SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1188-1 Final 1 1 2020-08-12T10:21:52Z current 2020-08-12T10:21:52Z 2020-08-12T10:21:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark fixes the following issues: - Wireshark to 3.2.5: * CVE-2020-15466: GVCP dissector infinite loop (bsc#1173606) * CVE-2020-13164: NFS dissector crash (bsc#1171899) * CVE-2020-11647: The BACapp dissector could crash (bsc#1169063) - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.2.5.html This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1188 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00026.html E-Mail link for openSUSE-SU-2020:1188-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1169063 SUSE Bug 1169063 https://bugzilla.suse.com/1171899 SUSE Bug 1171899 https://bugzilla.suse.com/1173606 SUSE Bug 1173606 https://www.suse.com/security/cve/CVE-2020-11647/ SUSE CVE CVE-2020-11647 page https://www.suse.com/security/cve/CVE-2020-13164/ SUSE CVE CVE-2020-13164 page https://www.suse.com/security/cve/CVE-2020-15466/ SUSE CVE CVE-2020-15466 page openSUSE Leap 15.1 libwireshark13-3.2.5-lp151.2.12.1 libwiretap10-3.2.5-lp151.2.12.1 libwsutil11-3.2.5-lp151.2.12.1 wireshark-3.2.5-lp151.2.12.1 wireshark-devel-3.2.5-lp151.2.12.1 wireshark-ui-qt-3.2.5-lp151.2.12.1 libwireshark13-3.2.5-lp151.2.12.1 as a component of openSUSE Leap 15.1 libwiretap10-3.2.5-lp151.2.12.1 as a component of openSUSE Leap 15.1 libwsutil11-3.2.5-lp151.2.12.1 as a component of openSUSE Leap 15.1 wireshark-3.2.5-lp151.2.12.1 as a component of openSUSE Leap 15.1 wireshark-devel-3.2.5-lp151.2.12.1 as a component of openSUSE Leap 15.1 wireshark-ui-qt-3.2.5-lp151.2.12.1 as a component of openSUSE Leap 15.1 In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. CVE-2020-11647 openSUSE Leap 15.1:libwireshark13-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:libwiretap10-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:libwsutil11-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:wireshark-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:wireshark-devel-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:wireshark-ui-qt-3.2.5-lp151.2.12.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00026.html https://www.suse.com/security/cve/CVE-2020-11647.html CVE-2020-11647 https://bugzilla.suse.com/1169063 SUSE Bug 1169063 In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. CVE-2020-13164 openSUSE Leap 15.1:libwireshark13-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:libwiretap10-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:libwsutil11-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:wireshark-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:wireshark-devel-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:wireshark-ui-qt-3.2.5-lp151.2.12.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00026.html https://www.suse.com/security/cve/CVE-2020-13164.html CVE-2020-13164 https://bugzilla.suse.com/1171899 SUSE Bug 1171899 In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. CVE-2020-15466 openSUSE Leap 15.1:libwireshark13-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:libwiretap10-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:libwsutil11-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:wireshark-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:wireshark-devel-3.2.5-lp151.2.12.1 openSUSE Leap 15.1:wireshark-ui-qt-3.2.5-lp151.2.12.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00026.html https://www.suse.com/security/cve/CVE-2020-15466.html CVE-2020-15466 https://bugzilla.suse.com/1173606 SUSE Bug 1173606