Bug 1010911 - VUL-0: wireshark: [tracker] multiple vulnerabilities in dissectors fixed in 2.2.2, 2.0.8
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
: P3 - Medium : Normal
Assigned To: Lingshan Zhu
Security Team bot
maint:planned:update
Depends on: CVE-2016-9376 CVE-2016-9375 CVE-2016-9374 CVE-2016-9373
Reported: 2016-11-18 11:00 UTC by Matthias Gerstner
Modified: 2019-08-30 14:42 UTC (History)
Description Matthias Gerstner 2016-11-18 11:00:50 UTC
https://www.wireshark.org/lists/wireshark-announce/201611/msg00000.html

The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2016-59
       AllJoyn crash. ([2]Bug 12953)
     * [3]wnpa-sec-2016-60
       OpenFlow crash. ([4]Bug 13071)
     * [5]wnpa-sec-2016-61
       DCERPC crash. ([6]Bug 13072)
     * [7]wnpa-sec-2016-62
       DTN infinite loop. ([8]Bug 13097)

   The following bugs have been fixed:
     * SMPP schedule_delivery_time displayed wrong in Wireshark 2.1.0.
       ([9]Bug 12632)
     * Upgrading to latest version uninstalls Microsoft Visual C++
       redistributable. ([10]Bug 12712)
     * smpp.message not decoded & not available for export using tshark -T
       fields -e smpp.message. ([11]Bug 12960)
     * CLNP dissector does not parse ER NPDU properly. ([12]Bug 12993)
     * SNMP trap bindings for NON scalar OIDs. ([13]Bug 13013)
     * BGP LS Link Protection Type TLV (1093) decoding. ([14]Bug 13021)
     * Application crash sorting column for tcp.window_size_scalefactor up
       and down. ([15]Bug 13023)
     * ZigBee Green Power add key during execution. ([16]Bug 13031)
     * Malformed AMPQ packets for session.expected and session.confirmed
       fields. ([17]Bug 13037)
     * [IS-637A] SMS - Teleservice layer parameter --> IA5 encoded text is
       not correctly displayed. ([18]Bug 13065)
     * Field sna.gds is not of an FT_{U}INTn type. ([19]Bug 13084)
     * E212: 3 digits MNC are identified as 2 digits long if they end with
       a 0. ([20]Bug 13092)
     * Dissector skips DICOM command. ([21]Bug 13110)
     * Manufacturer name resolution fail. ([22]Bug 13126)

   The Windows PortableApps packages were susceptible to a [23]DLL
   hijacking flaw.
Comment 1 Swamp Workflow Management 2016-11-18 23:00:33 UTC
bugbot adjusting priority
Comment 2 Lingshan Zhu 2016-11-21 08:26:50 UTC
A new version, wireshark 2.2.2, can build for SLE12, but whether to update to 2.2.2 depends on fate#321770; see https://fate.suse.com/321770
Comment 3 Swamp Workflow Management 2016-11-27 14:07:59 UTC
openSUSE-SU-2016:2923-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1010735,1010740,1010752,1010754,1010807,1010911
CVE References: CVE-2016-9372,CVE-2016-9373,CVE-2016-9374,CVE-2016-9375,CVE-2016-9376
Sources used:
openSUSE Leap 42.2 (src):    wireshark-2.2.2-3.1
Comment 4 Lingshan Zhu 2017-05-02 02:42:11 UTC
Resolved by the latest update.
Comment 5 Swamp Workflow Management 2017-05-04 13:10:34 UTC
SUSE-SU-2017:1174-1: An update that solves 23 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1002981,1010735,1010740,1010752,1010754,1010911,1021739,1025913,1027998,1033936,1033937,1033938,1033939,1033940,1033941,1033942,1033943,1033944,1033945,998761,998762,998763,998800,998963,998964
CVE References: CVE-2016-7175,CVE-2016-7176,CVE-2016-7177,CVE-2016-7178,CVE-2016-7179,CVE-2016-7180,CVE-2016-9373,CVE-2016-9374,CVE-2016-9375,CVE-2016-9376,CVE-2017-5596,CVE-2017-5597,CVE-2017-6014,CVE-2017-7700,CVE-2017-7701,CVE-2017-7702,CVE-2017-7703,CVE-2017-7704,CVE-2017-7705,CVE-2017-7745,CVE-2017-7746,CVE-2017-7747,CVE-2017-7748
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    wireshark-2.0.12-36.1
SUSE Linux Enterprise Server 11-SP4 (src):    wireshark-2.0.12-36.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    wireshark-2.0.12-36.1
Comment 6 Swamp Workflow Management 2017-05-30 16:11:25 UTC
SUSE-SU-2017:1442-1: An update that solves 24 vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 1002981,1010735,1010740,1010752,1010754,1010911,1021739,1025913,1026507,1027692,1027998,1033936,1033937,1033938,1033939,1033940,1033941,1033942,1033943,1033944,1033945,990856,998761,998762,998763,998800,998963,998964
CVE References: CVE-2016-6354,CVE-2016-7175,CVE-2016-7176,CVE-2016-7177,CVE-2016-7178,CVE-2016-7179,CVE-2016-7180,CVE-2016-9373,CVE-2016-9374,CVE-2016-9375,CVE-2016-9376,CVE-2017-5596,CVE-2017-5597,CVE-2017-6014,CVE-2017-7700,CVE-2017-7701,CVE-2017-7702,CVE-2017-7703,CVE-2017-7704,CVE-2017-7705,CVE-2017-7745,CVE-2017-7746,CVE-2017-7747,CVE-2017-7748
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    wireshark-2.2.6-44.3
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    wireshark-2.2.6-44.3
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    wireshark-2.2.6-44.3
SUSE Linux Enterprise Server 12-SP2 (src):    wireshark-2.2.6-44.3
SUSE Linux Enterprise Server 12-SP1 (src):    wireshark-2.2.6-44.3
SUSE Linux Enterprise Desktop 12-SP2 (src):    wireshark-2.2.6-44.3
SUSE Linux Enterprise Desktop 12-SP1 (src):    wireshark-2.2.6-44.3