Bug 1148185 (CVE-2017-6469)

Summary:	VUL-0: CVE-2017-6469: wireshark: LDSS dissector crash (wnpa-sec-2017-03)
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Wolfgang Frisch <wolfgang.frisch>
Component:	Incidents	Assignee:	Robert Frohl <rfrohl>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	smash_bz
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/181193/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Comment 1 Wolfgang Frisch 2019-08-26 14:34:14 UTC

CVE-2017-6469

It was reported that Wireshark's LDSS dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Upstream bug(s):

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346

External References:

https://www.wireshark.org/security/wnpa-sec-2017-03.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1429579
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6469
http://www.debian.org/security/2017/dsa-3811
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6469.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6469
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f753c127082d5e28abf482d6d175cbfee6661f7
http://www.securityfocus.com/bid/96577
https://www.wireshark.org/security/wnpa-sec-2017-03.html

Comment 2 Wolfgang Frisch 2019-08-26 14:41:45 UTC

This issue was fixed in all code streams but never mentioned in the .changes file.
See also the tracking bug for a number of adjacent CVEs:
https://bugzilla.suse.com/show_bug.cgi?id=1027998

Comment 3 Marcus Meissner 2020-08-13 11:50:58 UTC

fixed