Security update for wireshark SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:0981-1 Final 1 1 2018-04-19T06:34:10Z current 2018-04-19T06:34:10Z 2018-04-19T06:34:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark fixes the following issues: - Update to wireshark 2.2.14, fix such issues: * bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6 * CVE-2018-9256: LWAPP dissector crash * CVE-2018-9260: IEEE 802.15.4 dissector crash * CVE-2018-9261: NBAP dissector crash * CVE-2018-9262: VLAN dissector crash * CVE-2018-9263: Kerberos dissector crash * CVE-2018-9264: ADB dissector crash * CVE-2018-9265: tn3270 dissector has a memory leak * CVE-2018-9266: ISUP dissector memory leak * CVE-2018-9267: LAPD dissector memory leak * CVE-2018-9268: SMB2 dissector memory leak * CVE-2018-9269: GIOP dissector memory leak * CVE-2018-9270: OIDS dissector memory leak * CVE-2018-9271: multipart dissector memory leak * CVE-2018-9272: h223 dissector memory leak * CVE-2018-9273: pcp dissector memory leak * CVE-2018-9274: failure message memory leak * CVE-2018-9259: MP4 dissector crash The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP3-2018-658,SUSE-SLE-SDK-12-SP3-2018-658,SUSE-SLE-SERVER-12-SP3-2018-658 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ Link for SUSE-SU-2018:0981-1 https://lists.suse.com/pipermail/sle-security-updates/2018-April/003900.html E-Mail link for SUSE-SU-2018:0981-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1088200 SUSE Bug 1088200 https://www.suse.com/security/cve/CVE-2018-9256/ SUSE CVE CVE-2018-9256 page https://www.suse.com/security/cve/CVE-2018-9259/ SUSE CVE CVE-2018-9259 page https://www.suse.com/security/cve/CVE-2018-9260/ SUSE CVE CVE-2018-9260 page https://www.suse.com/security/cve/CVE-2018-9261/ SUSE CVE CVE-2018-9261 page https://www.suse.com/security/cve/CVE-2018-9262/ SUSE CVE CVE-2018-9262 page https://www.suse.com/security/cve/CVE-2018-9263/ SUSE CVE CVE-2018-9263 page https://www.suse.com/security/cve/CVE-2018-9264/ SUSE CVE CVE-2018-9264 page https://www.suse.com/security/cve/CVE-2018-9265/ SUSE CVE CVE-2018-9265 page https://www.suse.com/security/cve/CVE-2018-9266/ SUSE CVE CVE-2018-9266 page https://www.suse.com/security/cve/CVE-2018-9267/ SUSE CVE CVE-2018-9267 page https://www.suse.com/security/cve/CVE-2018-9268/ SUSE CVE CVE-2018-9268 page https://www.suse.com/security/cve/CVE-2018-9269/ SUSE CVE CVE-2018-9269 page https://www.suse.com/security/cve/CVE-2018-9270/ SUSE CVE CVE-2018-9270 page https://www.suse.com/security/cve/CVE-2018-9271/ SUSE CVE CVE-2018-9271 page https://www.suse.com/security/cve/CVE-2018-9272/ SUSE CVE CVE-2018-9272 page https://www.suse.com/security/cve/CVE-2018-9273/ SUSE CVE CVE-2018-9273 page https://www.suse.com/security/cve/CVE-2018-9274/ SUSE CVE CVE-2018-9274 page SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 libwireshark8-2.2.14-48.24.1 libwiretap6-2.2.14-48.24.1 libwscodecs1-2.2.14-48.24.1 libwsutil7-2.2.14-48.24.1 wireshark-2.2.14-48.24.1 wireshark-gtk-2.2.14-48.24.1 wireshark-devel-2.2.14-48.24.1 libwireshark8-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libwiretap6-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libwscodecs1-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libwsutil7-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 wireshark-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 wireshark-gtk-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libwireshark8-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Server 12 SP3 libwiretap6-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Server 12 SP3 libwscodecs1-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Server 12 SP3 libwsutil7-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Server 12 SP3 wireshark-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Server 12 SP3 wireshark-gtk-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Server 12 SP3 libwireshark8-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libwiretap6-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libwscodecs1-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libwsutil7-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 wireshark-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 wireshark-gtk-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 wireshark-devel-2.2.14-48.24.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. CVE-2018-9256 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9256.html CVE-2018-9256 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. CVE-2018-9259 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9259.html CVE-2018-9259 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. CVE-2018-9260 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9260.html CVE-2018-9260 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs. CVE-2018-9261 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9261.html CVE-2018-9261 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth. CVE-2018-9262 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9262.html CVE-2018-9262 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. CVE-2018-9263 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9263.html CVE-2018-9263 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency. CVE-2018-9264 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9264.html CVE-2018-9264 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak. CVE-2018-9265 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9265.html CVE-2018-9265 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak. CVE-2018-9266 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9266.html CVE-2018-9266 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak. CVE-2018-9267 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9267.html CVE-2018-9267 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. CVE-2018-9268 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9268.html CVE-2018-9268 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. CVE-2018-9269 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9269.html CVE-2018-9269 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. CVE-2018-9270 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9270.html CVE-2018-9270 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. CVE-2018-9271 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9271.html CVE-2018-9271 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak. CVE-2018-9272 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9272.html CVE-2018-9272 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. CVE-2018-9273 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9273.html CVE-2018-9273 https://bugzilla.suse.com/1088200 SUSE Bug 1088200 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak. CVE-2018-9274 SUSE Linux Enterprise Desktop 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Desktop 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwireshark8-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwiretap6-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwscodecs1-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwsutil7-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-2.2.14-48.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:wireshark-gtk-2.2.14-48.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:wireshark-devel-2.2.14-48.24.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180981-1/ https://www.suse.com/security/cve/CVE-2018-9274.html CVE-2018-9274 https://bugzilla.suse.com/1088200 SUSE Bug 1088200