File _patchinfo of Package patchinfo.3295

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.3295

<patchinfo incident="3295">
  <issue id="1026507" tracker="bnc">wireshark looking for /usr/share/wireshark/COPYING</issue>
  <issue id="1002981" tracker="bnc">VUL-1: wireshark: multiple dissector crashes fixed in 2.2.1</issue>
  <issue id="1010911" tracker="bnc">VUL-0: wireshark: [tracker] multiple vulnerabilities in dissectors fixed in 2.2.2, 2.0.8</issue>
  <issue id="1027998" tracker="bnc">VUL-1: wireshark: multiple dissector crashes and infinite loops fixed in 2.2.5, 2.0.11</issue>
  <issue id="1010735" tracker="bnc">VUL-0: CVE-2016-9376: wireshark: wireshark OpenFlow dissector crash</issue>
  <issue id="1010740" tracker="bnc">VUL-0: CVE-2016-9375: wireshark: Wireshark DTN dissector could go into an infinite loop</issue>
  <issue id="1010752" tracker="bnc">VUL-0: CVE-2016-9374: wireshark: The AllJoyn dissector could crash</issue>
  <issue id="1010754" tracker="bnc">VUL-0: CVE-2016-9373: wireshark: The DCERPC dissector could crash</issue>
  <issue id="1021739" tracker="bnc">VUL-1: CVE-2017-5596,CVE-2017-5597: wireshark: two dissector infinite/large loops fixed in 2.2.4, 2.0.10</issue>
  <issue id="1025913" tracker="bnc">VUL-1: CVE-2017-6014: wireshark: crafted or malformed STANAG 4607 capture file will cause an infinite loop</issue>
  <issue id="990856" tracker="bnc">VUL-1: CVE-2016-6354: flex,flex-old: buffer overflow in generated code (yy_get_next_buffer)</issue>
  <issue id="998761" tracker="bnc">VUL-1: CVE-2016-7175: wireshark: QNX6 QNET dissector crash</issue>
  <issue id="998762" tracker="bnc">VUL-1: CVE-2016-7176 wireshark: H.225 dissector crash</issue>
  <issue id="998763" tracker="bnc">VUL-1: CVE-2016-7177: wireshark: Catapult DCT2000 dissector crash</issue>
  <issue id="998800" tracker="bnc">VUL-1: CVE-2016-7180: wireshark: IPMI Trace dissector crash</issue>
  <issue id="998963" tracker="bnc">VUL-0: CVE-2016-7179: wireshark: Catapult DCT2000 dissector crash</issue>
  <issue id="998964" tracker="bnc">VUL-1: CVE-2016-7178: wireshark: UMTS FP dissector crash</issue>
  <issue id="1027692" tracker="bnc">Update to wireshark 2.2 stable release track</issue>
  <issue id="1033936" tracker="bnc">VUL-1: CVE-2017-7700: wireshark: NetScaler file parser could go into an infinite loop (wnpa-sec-2017-14)</issue>
  <issue id="1033937" tracker="bnc">VUL-1: CVE-2017-7701: wireshark: BGP dissector could go into an infinite loop (wnpa-sec-2017-16)</issue>
  <issue id="1033938" tracker="bnc">VUL-1: CVE-2017-7702: wireshark: WBXML dissector could go into an infinite loop (wnpa-sec-2017-13)</issue>
  <issue id="1033939" tracker="bnc">VUL-1: CVE-2017-7703: wireshark: IMAP dissector could crash (wnpa-sec-2017-12)</issue>
  <issue id="1033940" tracker="bnc">VUL-1: CVE-2017-7704: wireshark: DOF dissector could go into an infinite loop (wnpa-sec-2017-17)</issue>
  <issue id="1033941" tracker="bnc">VUL-1: CVE-2017-7705: wireshark: RPC over RDMA dissector could go into an infinite loop (wnpa-sec-2017-15)</issue>
  <issue id="1033942" tracker="bnc">VUL-1: CVE-2017-7745: wireshark: SIGCOMP dissector could go into an infinite loop (wnpa-sec-2017-20)</issue>
  <issue id="1033943" tracker="bnc">VUL-1: CVE-2017-7746: wireshark: SLSK dissector could go into an infinite loop (wnpa-sec-2017-19)</issue>
  <issue id="1033944" tracker="bnc">VUL-1: CVE-2017-7747: wireshark: PacketBB dissector could crash (wnpa-sec-2017-18)</issue>
  <issue id="1033945" tracker="bnc">VUL-1: CVE-2017-7748: wireshark: WSP dissector could go into an infinite loop (wnpa-sec-2017-21)</issue>
  <issue id="2017-7700" tracker="cve" />
  <issue id="2017-7701" tracker="cve" />
  <issue id="2017-7702" tracker="cve" />
  <issue id="2017-7703" tracker="cve" />
  <issue id="2017-7704" tracker="cve" />
  <issue id="2017-7705" tracker="cve" />
  <issue id="2017-7745" tracker="cve" />
  <issue id="2017-7746" tracker="cve" />
  <issue id="2017-7747" tracker="cve" />
  <issue id="2017-7748" tracker="cve" />
  <issue id="2016-9376" tracker="cve" />
  <issue id="2016-9375" tracker="cve" />
  <issue id="2016-9374" tracker="cve" />
  <issue id="2016-9373" tracker="cve" />
  <issue id="2017-5596" tracker="cve" />
  <issue id="2017-5597" tracker="cve" />
  <issue id="2017-6014" tracker="cve" />
  <issue id="2016-6354" tracker="cve" />
  <issue id="2016-7175" tracker="cve" />
  <issue id="2016-7176" tracker="cve" />
  <issue id="2016-7177" tracker="cve" />
  <issue id="2016-7180" tracker="cve" />
  <issue id="2016-7179" tracker="cve" />
  <issue id="2016-7178" tracker="cve" />
  <issue id="321770" tracker="fate" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>
Wireshark was updated to version 2.2.6, which brings several new features, enhancements
and bug fixes.

Thses security issues were fixed:

- CVE-2017-7700: In Wireshark the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size (bsc#1033936)
- CVE-2017-7701: In Wireshark the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type (bsc#1033937)
- CVE-2017-7702: In Wireshark the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation (bsc#1033938)
- CVE-2017-7703: In Wireshark the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly (bsc#1033939)
- CVE-2017-7704: In Wireshark the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value (bsc#1033940)
- CVE-2017-7705: In Wireshark the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset (bsc#1033941)
- CVE-2017-7745: In Wireshark the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check (bsc#1033942)
- CVE-2017-7746: In Wireshark the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length (bsc#1033943)
- CVE-2017-7747: In Wireshark the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree (bsc#1033944)
- CVE-2017-7748: In Wireshark the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check (bsc#1033945)
- CVE-2017-6014: In Wireshark a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory (bsc#1025913)
- CVE-2017-5596: In Wireshark the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow (bsc#1021739)
- CVE-2017-5597: In Wireshark the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow (bsc#1021739)
- CVE-2016-9376: In Wireshark the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large (bsc#1010735)
- CVE-2016-9375: In Wireshark the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful (bsc#1010740)
- CVE-2016-9374: In Wireshark the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable (bsc#1010752)
- CVE-2016-9373: In Wireshark the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings (bsc#1010754)
- CVE-2016-7180: epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark did not properly consider whether a string is constant, which allowed remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet (bsc#998800)
- CVE-2016-7179: Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#998963)
- CVE-2016-7178: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark did not ensure that memory is allocated for certain data structures, which allowed remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet (bsc#998964)
- CVE-2016-7177: epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark did not restrict the number of channels, which allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet (bsc#998763)
- CVE-2016-7176: epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark called snprintf with one of its input buffers as the output buffer, which allowed remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet (bsc#998762)
- CVE-2016-7175: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark mishandled MAC address data, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet (bsc#998761)
- CVE-2016-6354: Heap-based buffer overflow in the yy_get_next_buffer function in Flex might have allowed context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read (bsc#990856).
</description>
  <summary>Security update for wireshark</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.3295

Places