Overview

File _patchinfo of Package patchinfo.6479

<patchinfo incident="6479">
  <issue id="1075738" tracker="bnc">VUL-0: CVE-2018-5335: wireshark: WCP dissector crash</issue>
  <issue id="1075739" tracker="bnc">VUL-0: CVE-2018-5336: wireshark: Multiple dissectors could crash</issue>
  <issue id="1074171" tracker="bnc">VUL-0: CVE-2017-17935: wireshark: File_read_line function bad '\n' handling could lead to denial of service</issue>
  <issue id="1075748" tracker="bnc">VUL-1: wireshark: activation of the kernel BPF JIT compiler makes system more vulnerable to Spectre variant 1 (CVE-2017-5753)</issue>
  <issue id="1075737" tracker="bnc">VUL-0: CVE-2018-5334: wireshark: IxVeriWave file parser crash</issue>
  <issue id="2018-5336" tracker="cve" />
  <issue id="2017-17935" tracker="cve" />
  <issue id="2018-5334" tracker="cve" />
  <issue id="2018-5335" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>LSZhu</packager>
  <description>This update for wireshark to version 2.2.12 fixes the following issues:

- CVE-2018-5334: IxVeriWave file could crash (bsc#1075737)
- CVE-2018-5335: WCP dissector could crash (bsc#1075738)
- CVE-2018-5336: Multiple dissector crashes (bsc#1075739)
- CVE-2017-17935: Incorrect handling of "\n" in file_read_line function could
  have lead to denial of service (bsc#1074171)

This release no longer enables the Linux kernel BPF JIT compiler via the
net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable
to Spectre variant 1 CVE-2017-5753 - (bsc#1075748)

Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html
</description>
  <summary>Security update for wireshark</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places