Bug 1042330 - VUL-0: TRACKERBUG: wireshark: 2.2.7 security update
VUL-0: TRACKERBUG: wireshark: 2.2.7 security update
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Lingshan Zhu
Security Team bot
:
Depends on: CVE-2017-9344 CVE-2017-9350 CVE-2017-9345 CVE-2017-9346 CVE-2017-9351 CVE-2017-9348 CVE-2017-9352 CVE-2017-9349 CVE-2017-9353 CVE-2017-9354 CVE-2017-9347 CVE-2017-9343
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-02 09:15 UTC by Alexander Bergmann
Modified: 2017-06-27 06:03 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2017-06-02 09:15:10 UTC
[Wireshark-announce] Wireshark 2.2.7 is now available

https://www.wireshark.org/lists/wireshark-announce/201706/msg00000.html

The following security issues were fixed in this version:

bsc#1042304: CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22)
bsc#1042303: CVE-2017-9348: DOF dissector read overflow (wnpa-sec-2017-23)
bsc#1042302: CVE-2017-9351: DHCP dissector read overflow (wnpa-sec-2017-24)
bsc#1042301: CVE-2017-9346: SoulSeek dissector infinite loop (wnpa-sec-2017-25)
bsc#1042300: CVE-2017-9345: DNS dissector infinite loop (wnpa-sec-2017-26)
bsc#1042305: CVE-2017-9349: DICOM dissector infinite loop (wnpa-sec-2017-27)
bsc#1042299: CVE-2017-9350: openSAFETY dissector memory exh.. (wnpa-sec-2017-28)
bsc#1042298: CVE-2017-9344: BT L2CAP dissector divide by zero (wnpa-sec-2017-29)
bsc#1042309: CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30)
bsc#1042308: CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31)
bsc#1042307: CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32)
bsc#1042306: CVE-2017-9353: wireshark: IPv6 dissector crash (wnpa-sec-2017-33)
Comment 1 Bernhard Wiedemann 2017-06-02 10:03:27 UTC
This is an autogenerated message for OBS integration:
This bug (1042330) was mentioned in
https://build.opensuse.org/request/show/500569 Factory / wireshark
Comment 2 Bernhard Wiedemann 2017-06-04 10:01:37 UTC
This is an autogenerated message for OBS integration:
This bug (1042330) was mentioned in
https://build.opensuse.org/request/show/500934 42.2 / wireshark
Comment 3 Swamp Workflow Management 2017-06-12 10:11:10 UTC
openSUSE-SU-2017:1534-1: An update that solves 12 vulnerabilities and has one errata is now available.

Category: security (low)
Bug References: 1042298,1042299,1042300,1042301,1042302,1042303,1042304,1042305,1042306,1042307,1042308,1042309,1042330
CVE References: CVE-2017-9343,CVE-2017-9344,CVE-2017-9345,CVE-2017-9346,CVE-2017-9347,CVE-2017-9348,CVE-2017-9349,CVE-2017-9350,CVE-2017-9351,CVE-2017-9352,CVE-2017-9353,CVE-2017-9354
Sources used:
openSUSE Leap 42.2 (src):    wireshark-2.2.7-14.6.1
Comment 4 Lingshan Zhu 2017-06-13 09:26:26 UTC
please see this link for update for SLE12
Comment 5 Lingshan Zhu 2017-06-14 03:28:10 UTC
For SLE11:  https://build.suse.de/request/show/134148
For SLE12: https://build.suse.de/request/show/134080
Comment 6 Lingshan Zhu 2017-06-27 06:03:28 UTC
MRs got accepted