Overview

File _patchinfo of Package patchinfo.7006

<patchinfo incident="7006">
  <packager>AndreasStieger</packager>
  <issue tracker="bnc" id="1049621" />
  <issue tracker="bnc" id="1049255">VUL-0: wireshark: multiple vulnerabilties fixed in 2.2.8, 2.0.14</issue>
  <issue tracker="cve" id="2017-7702"></issue>
  <issue tracker="cve" id="2017-11410"></issue>
  <issue tracker="cve" id="2017-9350"></issue>
  <issue tracker="cve" id="2017-11411"></issue>
  <issue tracker="cve" id="2017-11406"></issue>
  <issue tracker="cve" id="2017-11407"></issue>
  <issue tracker="cve" id="2017-11408"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for Wireshark</summary>
  <description>This update to Wireshark 2.2.8 fixes some minor vulnerabilities could be used
to trigger dissector crashes, infinite loops, or cause excessive use of memory
resources by making Wireshark read specially crafted packages from the network
or a capture file:

- CVE-2017-7702,CVE-2017-11410: WBMXL dissector infinite loop (wnpa-sec-2017-13)
- CVE-2017-9350,CVE-2017-11411: openSAFETY dissector memory exhaustion (wnpa-sec-2017-28)
- CVE-2017-11408: AMQP dissector crash (wnpa-sec-2017-34)
- CVE-2017-11407: MQ dissector crash (wnpa-sec-2017-35)
- CVE-2017-11406: DOCSIS infinite loop (wnpa-sec-2017-36)</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places