Security update for wireshark SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0307-1 Final 1 1 2015-01-22T08:55:12Z current 2015-01-22T08:55:12Z 2015-01-22T08:55:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update fixes the following security issues: - The following vulnerabilities allowed Wireshark to be crashed by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. + The WCCP dissector could crash wnpa-sec-2015-01 CVE-2015-0559 CVE-2015-0560 [boo#912365] + The LPP dissector could crash. wnpa-sec-2015-02 CVE-2015-0561 [boo#912368] + The DEC DNA Routing Protocol dissector could crash. wnpa-sec-2015-03 CVE-2015-0562 [boo#912369] + The SMTP dissector could crash. wnpa-sec-2015-04 CVE-2015-0563 [boo#912370] + Wireshark could crash while decypting TLS/SSL sessions. wnpa-sec-2015-05 CVE-2015-0564 [boo#912372] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-2015-81,SUSE-SLE-SDK-12-2015-81,SUSE-SLE-SERVER-12-2015-81 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150307-1/ Link for SUSE-SU-2015:0307-1 https://lists.suse.com/pipermail/sle-security-updates/2015-February/001234.html E-Mail link for SUSE-SU-2015:0307-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/912365 SUSE Bug 912365 https://bugzilla.suse.com/912368 SUSE Bug 912368 https://bugzilla.suse.com/912369 SUSE Bug 912369 https://bugzilla.suse.com/912370 SUSE Bug 912370 https://bugzilla.suse.com/912372 SUSE Bug 912372 https://www.suse.com/security/cve/CVE-2015-0559/ SUSE CVE CVE-2015-0559 page https://www.suse.com/security/cve/CVE-2015-0560/ SUSE CVE CVE-2015-0560 page https://www.suse.com/security/cve/CVE-2015-0561/ SUSE CVE CVE-2015-0561 page https://www.suse.com/security/cve/CVE-2015-0562/ SUSE CVE CVE-2015-0562 page https://www.suse.com/security/cve/CVE-2015-0563/ SUSE CVE CVE-2015-0563 page https://www.suse.com/security/cve/CVE-2015-0564/ SUSE CVE CVE-2015-0564 page SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Software Development Kit 12 wireshark-1.10.12-4.1 wireshark-devel-1.10.12-4.1 wireshark-1.10.12-4.1 as a component of SUSE Linux Enterprise Desktop 12 wireshark-1.10.12-4.1 as a component of SUSE Linux Enterprise Server 12 wireshark-1.10.12-4.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 wireshark-devel-1.10.12-4.1 as a component of SUSE Linux Enterprise Software Development Kit 12 Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. CVE-2015-0559 SUSE Linux Enterprise Desktop 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Server 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Server for SAP Applications 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Software Development Kit 12:wireshark-devel-1.10.12-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150307-1/ https://www.suse.com/security/cve/CVE-2015-0559.html CVE-2015-0559 https://bugzilla.suse.com/912365 SUSE Bug 912365 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-0560 SUSE Linux Enterprise Desktop 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Server 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Server for SAP Applications 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Software Development Kit 12:wireshark-devel-1.10.12-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150307-1/ https://www.suse.com/security/cve/CVE-2015-0560.html CVE-2015-0560 https://bugzilla.suse.com/912365 SUSE Bug 912365 asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. CVE-2015-0561 SUSE Linux Enterprise Desktop 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Server 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Server for SAP Applications 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Software Development Kit 12:wireshark-devel-1.10.12-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150307-1/ https://www.suse.com/security/cve/CVE-2015-0561.html CVE-2015-0561 https://bugzilla.suse.com/912368 SUSE Bug 912368 Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. CVE-2015-0562 SUSE Linux Enterprise Desktop 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Server 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Server for SAP Applications 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Software Development Kit 12:wireshark-devel-1.10.12-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150307-1/ https://www.suse.com/security/cve/CVE-2015-0562.html CVE-2015-0562 https://bugzilla.suse.com/912369 SUSE Bug 912369 epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-0563 SUSE Linux Enterprise Desktop 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Server 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Server for SAP Applications 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Software Development Kit 12:wireshark-devel-1.10.12-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150307-1/ https://www.suse.com/security/cve/CVE-2015-0563.html CVE-2015-0563 https://bugzilla.suse.com/912370 SUSE Bug 912370 Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. CVE-2015-0564 SUSE Linux Enterprise Desktop 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Server 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Server for SAP Applications 12:wireshark-1.10.12-4.1 SUSE Linux Enterprise Software Development Kit 12:wireshark-devel-1.10.12-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150307-1/ https://www.suse.com/security/cve/CVE-2015-0564.html CVE-2015-0564 https://bugzilla.suse.com/912372 SUSE Bug 912372