Overview

File _patchinfo of Package patchinfo.8150

<patchinfo incident="8150">
  <issue id="1094301" tracker="bnc">VUL-0: wireshark: multiple vulnerabilities fixed in 2.6.1, 2.4.7, 2.2.15.</issue>
  <issue id="1106514" tracker="bnc">VUL-0: wireshark: 2.6.3, 2.4.9, 2.2.17 releases</issue>
  <issue id="1094301" tracker="bnc">VUL-0: wireshark: multiple vulnerabilities fixed in 2.6.1, 2.4.7, 2.2.15.</issue>
  <issue id="1101802" tracker="bnc">VUL-1: CVE-2018-14370: wireshark: IEEE 802.11 protocol dissector could crash</issue>
  <issue id="1101794" tracker="bnc">VUL-1: CVE-2018-14368: wireshark: Bazaar protocol dissector could go into an infinite loop</issue>
  <issue id="1094301" tracker="bnc">VUL-0: wireshark: multiple vulnerabilities fixed in 2.6.1, 2.4.7, 2.2.15.</issue>
  <issue id="1094301" tracker="bnc">VUL-0: wireshark: multiple vulnerabilities fixed in 2.6.1, 2.4.7, 2.2.15.</issue>
  <issue id="1094301" tracker="bnc">VUL-0: wireshark: multiple vulnerabilities fixed in 2.6.1, 2.4.7, 2.2.15.</issue>
  <issue id="1101777" tracker="bnc">VUL-1: CVE-2018-14342: wireshark: BGP protocol dissector could go into a large loop</issue>
  <issue id="1101786" tracker="bnc">VUL-1: CVE-2018-14343: wireshark: ASN.1 BER dissector could crash</issue>
  <issue id="1101804" tracker="bnc">VUL-1: CVE-2018-14340: wireshark: dissectors that support zlib decompression could crash</issue>
  <issue id="1101776" tracker="bnc">VUL-1: CVE-2018-14341: wireshark: DICOM dissector could go into a large or infinite loop</issue>
  <issue id="1094301" tracker="bnc">VUL-0: wireshark: multiple vulnerabilities fixed in 2.6.1, 2.4.7, 2.2.15.</issue>
  <issue id="1101788" tracker="bnc">VUL-1: CVE-2018-14344: wireshark: ISMP dissector could crash</issue>
  <issue id="1094301" tracker="bnc">VUL-0: wireshark: multiple vulnerabilities fixed in 2.6.1, 2.4.7, 2.2.15.</issue>
  <issue id="1094301" tracker="bnc">VUL-0: wireshark: multiple vulnerabilities fixed in 2.6.1, 2.4.7, 2.2.15.</issue>
  <issue id="1101810" tracker="bnc">VUL-1: CVE-2018-14339: wireshark: MMSE dissector could go into an infinite loop</issue>
  <issue id="1094301" tracker="bnc">VUL-0: wireshark: multiple vulnerabilities fixed in 2.6.1, 2.4.7, 2.2.15.</issue>
  <issue id="1101791" tracker="bnc">VUL-1: CVE-2018-14367: wireshark: CoAP protocol dissector could crash</issue>
  <issue id="1094301" tracker="bnc">VUL-0: wireshark: multiple vulnerabilities fixed in 2.6.1, 2.4.7, 2.2.15.</issue>
  <issue id="1101800" tracker="bnc">VUL-1: CVE-2018-14369: wireshark: HTTP2 dissector could crash</issue>
  <issue tracker="cve" id="2018-16058"/>
  <issue tracker="cve" id="2018-16056"/>
  <issue tracker="cve" id="2018-16057"/>
  <issue tracker="cve" id="2018-11355"/>
  <issue tracker="cve" id="2018-14370"/>
  <issue tracker="cve" id="2018-14368"/>
  <issue tracker="cve" id="2018-11362"/>
  <issue tracker="cve" id="2018-11361"/>
  <issue tracker="cve" id="2018-11360"/>
  <issue tracker="cve" id="2018-14342"/>
  <issue tracker="cve" id="2018-14343"/>
  <issue tracker="cve" id="2018-14340"/>
  <issue tracker="cve" id="2018-14341"/>
  <issue tracker="cve" id="2018-11358"/>
  <issue tracker="cve" id="2018-14344"/>
  <issue tracker="cve" id="2018-11359"/>
  <issue tracker="cve" id="2018-11356"/>
  <issue tracker="cve" id="2018-14339"/>
  <issue tracker="cve" id="2018-11357"/>
  <issue tracker="cve" id="2018-14367"/>
  <issue tracker="cve" id="2018-11354"/>
  <issue tracker="cve" id="2018-14369"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>LSZhu</packager>
  <description>This update for wireshark to version 2.4.9 fixes the following issues:

Wireshark was updated to 2.4.9 (bsc#1094301, bsc#1106514).

Security issues fixed:

- CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44)
- CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45)
- CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46)
- CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301).
- CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802)
- CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794)
- CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301).
- CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301).
- CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301).
- CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777)
- CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786)
- CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804)
- CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776)
- CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301).
- CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788)
- CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301).
- CVE-2018-11356: Fix DNS dissector crash (bsc#1094301).
- CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810)
- CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301).
- CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791)
- CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301).
- CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800)

Further bug fixes and updated protocol support as listed in:
  https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html
</description>
  <summary>Security update for wireshark</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places