Security update for wireshark
This update for wireshark to version 2.2.12 fixes the following issues:
- CVE-2018-5334: IxVeriWave file could crash (boo#1075737)
- CVE-2018-5335: WCP dissector could crash (boo#1075738)
- CVE-2018-5336: Multiple dissector crashes (boo#1075739)
- CVE-2017-17997: MRDISC dissector could crash (boo#1074171)
This release no longers enable the Linux kernel BPF JIT compiler via the
net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable
to Spectre variant 1 CVE-2017-5753 - (boo#1075748)
Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html
-
Submitted by
Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#1075738
VUL-0: CVE-2018-5335: wireshark: WCP dissector crash
bnc#1075739
VUL-0: CVE-2018-5336: wireshark: Multiple dissectors could crash
bnc#1074171
VUL-0: CVE-2017-17935: wireshark: File_read_line function bad '\n' handling could lead to denial of service
bnc#1075748
VUL-1: wireshark: activation of the kernel BPF JIT compiler makes system more vulnerable to Spectre variant 1 (CVE-2017-5753)
bnc#1075737
VUL-0: CVE-2018-5334: wireshark: IxVeriWave file parser crash
