Bug 1070727 - (CVE-2017-17083) VUL-0: CVE-2017-17083, CVE-2017-17084, CVE-2017-17085: wireshark: Version 2.2.11 fixes three crashes
(CVE-2017-17083)
VUL-0: CVE-2017-17083, CVE-2017-17084, CVE-2017-17085: wireshark: Version 2.2...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv3:SUSE:CVE-2017-17085:5.3:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-12-01 08:39 UTC by Johannes Segitz
Modified: 2018-01-18 07:23 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2017-12-01 08:39:45 UTC
https://www.wireshark.org/docs/relnotes/wireshark-2.2.11.html

- wnpa-sec-2017-47
  The IWARP_MPA dissector could crash

- wnpa-sec-2017-48
  The NetBIOS dissector could crash

- wnpa-sec-2017-49
  The CIP Safety dissector could crash
Comment 1 Bernhard Wiedemann 2017-12-01 15:40:47 UTC
This is an autogenerated message for OBS integration:
This bug (1070727) was mentioned in
https://build.opensuse.org/request/show/547092 Factory / wireshark
https://build.opensuse.org/request/show/547094 42.2+42.3 / wireshark
Comment 2 Andreas Stieger 2017-12-01 19:04:49 UTC
  * CVE-2017-17084: IWARP_MPA dissector crash (wnpa-sec-2017-47)
  * CVE-2017-17083: NetBIOS dissector crash (wnpa-sec-2017-48)
  * CVE-2017-17085: CIP Safety dissector crash (wnpa-sec-2017-49)
Comment 3 Bernhard Wiedemann 2017-12-01 21:40:05 UTC
This is an autogenerated message for OBS integration:
This bug (1070727) was mentioned in
https://build.opensuse.org/request/show/547256 Factory / wireshark
Comment 4 Swamp Workflow Management 2017-12-02 20:17:34 UTC
openSUSE-SU-2017:3202-1: An update that fixes three vulnerabilities is now available.

Category: security (low)
Bug References: 1070727
CVE References: CVE-2017-17083,CVE-2017-17084,CVE-2017-17085
Sources used:
openSUSE Leap 42.3 (src):    wireshark-2.2.11-28.1
openSUSE Leap 42.2 (src):    wireshark-2.2.11-14.20.1
Comment 8 Swamp Workflow Management 2017-12-27 14:10:46 UTC
SUSE-SU-2017:3436-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1070727
CVE References: CVE-2017-17083,CVE-2017-17084,CVE-2017-17085
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    wireshark-2.2.11-48.15.3
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    wireshark-2.2.11-48.15.3
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    wireshark-2.2.11-48.15.3
SUSE Linux Enterprise Server 12-SP3 (src):    wireshark-2.2.11-48.15.3
SUSE Linux Enterprise Server 12-SP2 (src):    wireshark-2.2.11-48.15.3
SUSE Linux Enterprise Desktop 12-SP3 (src):    wireshark-2.2.11-48.15.3
SUSE Linux Enterprise Desktop 12-SP2 (src):    wireshark-2.2.11-48.15.3
Comment 9 Swamp Workflow Management 2018-01-09 20:22:06 UTC
SUSE-SU-2018:0054-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1044417,1045341,1056248,1056249,1056251,1062645,1070727
CVE References: CVE-2017-13765,CVE-2017-13766,CVE-2017-13767,CVE-2017-15191,CVE-2017-15192,CVE-2017-15193,CVE-2017-17083,CVE-2017-17084,CVE-2017-17085,CVE-2017-9617,CVE-2017-9766
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libsmi-0.4.5-2.7.2.1, portaudio-19-234.18.1, wireshark-2.2.11-40.14.5
SUSE Linux Enterprise Server 11-SP4 (src):    libsmi-0.4.5-2.7.2.1, portaudio-19-234.18.1, wireshark-2.2.11-40.14.5
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libsmi-0.4.5-2.7.2.1, portaudio-19-234.18.1, wireshark-2.2.11-40.14.5
Comment 10 Marcus Meissner 2018-01-18 07:23:15 UTC
released