Bug 1042307 - (CVE-2017-9354) VUL-0: CVE-2017-9354: wireshark: RGMP dissector crash (wnpa-sec-2017-32)
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low
Severity: Minor
Assigned To: Lingshan Zhu
Security Team bot
https://smash.suse.de/issue/186157/
CVSSv3:RedHat:CVE-2017-9354:5.9:(AV:N...
Blocks: 1042330 1042331
Reported: 2017-06-02 08:09 UTC by Alexander Bergmann
Modified: 2017-07-13 14:48 UTC (History)
Found By: Security Response Team


Description Alexander Bergmann 2017-06-02 08:09:39 UTC
rh#1458147

It was reported that Wireshark's RGMP dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Upstream bug(s):

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13646

External References:

https://www.wireshark.org/security/wnpa-sec-2017-32.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1458147
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9354
Comment 1 Bernhard Wiedemann 2017-06-02 10:03:10 UTC
This is an autogenerated message for OBS integration:
This bug (1042307) was mentioned in
https://build.opensuse.org/request/show/500569 Factory / wireshark
Comment 2 Swamp Workflow Management 2017-06-12 10:10:48 UTC
openSUSE-SU-2017:1534-1: An update that solves 12 vulnerabilities and has one errata is now available.

Category: security (low)
Bug References: 1042298,1042299,1042300,1042301,1042302,1042303,1042304,1042305,1042306,1042307,1042308,1042309,1042330
CVE References: CVE-2017-9343,CVE-2017-9344,CVE-2017-9345,CVE-2017-9346,CVE-2017-9347,CVE-2017-9348,CVE-2017-9349,CVE-2017-9350,CVE-2017-9351,CVE-2017-9352,CVE-2017-9353,CVE-2017-9354
Sources used:
openSUSE Leap 42.2 (src):    wireshark-2.2.7-14.6.1
Comment 3 Lingshan Zhu 2017-06-13 09:25:40 UTC
Please see this link for update for SLE12
Comment 4 Lingshan Zhu 2017-06-14 03:27:25 UTC
For SLE11:  https://build.suse.de/request/show/134148
For SLE12: https://build.suse.de/request/show/134080
Comment 5 Swamp Workflow Management 2017-06-23 16:12:46 UTC
SUSE-SU-2017:1663-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1042298,1042299,1042300,1042301,1042302,1042303,1042304,1042305,1042306,1042307,1042308,1042309
CVE References: CVE-2017-9343,CVE-2017-9344,CVE-2017-9345,CVE-2017-9346,CVE-2017-9347,CVE-2017-9348,CVE-2017-9349,CVE-2017-9350,CVE-2017-9351,CVE-2017-9352,CVE-2017-9353,CVE-2017-9354
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    wireshark-2.2.7-47.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    wireshark-2.2.7-47.1
SUSE Linux Enterprise Server 12-SP2 (src):    wireshark-2.2.7-47.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    wireshark-2.2.7-47.1
Comment 6 Swamp Workflow Management 2017-06-23 16:14:22 UTC
SUSE-SU-2017:1664-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1042298,1042299,1042300,1042301,1042302,1042303,1042304,1042305,1042306,1042307,1042308,1042309
CVE References: CVE-2017-9343,CVE-2017-9344,CVE-2017-9345,CVE-2017-9346,CVE-2017-9347,CVE-2017-9348,CVE-2017-9349,CVE-2017-9350,CVE-2017-9351,CVE-2017-9352,CVE-2017-9353,CVE-2017-9354
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    wireshark-2.0.13-39.1
SUSE Linux Enterprise Server 11-SP4 (src):    wireshark-2.0.13-39.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    wireshark-2.0.13-39.1
Comment 7 Lingshan Zhu 2017-06-27 06:00:45 UTC
MRs got accepted