File _patchinfo of Package patchinfo.5699
<patchinfo incident="5699">
<issue id="1044417" tracker="bnc">VUL-0: CVE-2017-9617: wireshark: in version 2.2.7, deeply nested DAAP data may cause stack exhaustion</issue>
<issue id="1045341" tracker="bnc">VUL-1: CVE-2017-9766: wireshark: PROFINET IO data with a high recursion depth allows to cause a denial of service in the dissect_IODWriteReq</issue>
<issue id="1056251" tracker="bnc">VUL-1: CVE-2017-13765: wireshark: IrCOMM dissector buffer overrun</issue>
<issue id="1056249" tracker="bnc">VUL-1: CVE-2017-13766: wireshark: Profinet I/O buffer overrun</issue>
<issue id="1056248" tracker="bnc">VUL-1: CVE-2017-13767: wireshark: MSDP dissector infinite loop</issue>
<issue id="2017-9766" tracker="cve" />
<issue id="2017-9617" tracker="cve" />
<issue id="2017-13766" tracker="cve" />
<issue id="2017-13767" tracker="cve" />
<issue id="2017-13765" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>LSZhu</packager>
<description>This update for wireshark to version 2.2.9 fixes several issues.
These security issues were fixed:
- CVE-2017-13767: The MSDP dissector could have gone into an infinite loop.
This was addressed by adding length validation (bsc#1056248).
- CVE-2017-13766: The Profinet I/O dissector could have crashed with an
out-of-bounds write. This was addressed by adding string validation
(bsc#1056249).
- CVE-2017-13765: The IrCOMM dissector had a buffer over-read and application
crash. This was addressed by adding length validation (bsc#1056251).
- CVE-2017-9766: PROFINET IO data with a high recursion depth allowed remote
attackers to cause a denial of service (stack exhaustion) in the
dissect_IODWriteReq function (bsc#1045341).
- CVE-2017-9617: Deeply nested DAAP data may have caused stack exhaustion
(uncontrolled recursion) in the dissect_daap_one_tag function in the DAAP
dissector (bsc#1044417).
</description>
<summary>Security update for wireshark</summary>
</patchinfo>