Bug 1175204 - (CVE-2020-17498) VUL-0: CVE-2020-17498: wireshark: Kafka dissector crash (wnpa-sec-2020-10)
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.2
Hardware: Other Other
Priority: P4 - Low
Severity: Normal
Assigned To: Robert Frohl
https://smash.suse.de/issue/265136/
CVSSv3.1:SUSE:CVE-2020-17498:7.5:(AV:...
Reported: 2020-08-12 20:41 UTC by Andreas Stieger
Modified: 2021-07-05 07:06 UTC (History)
Found By: Security Review Board


Description Andreas Stieger 2020-08-12 20:41:19 UTC
Wireshark 3.2.x before 3.2.6 could have been made to crash in the Kafka dissector due to a double free composite tvb (wnpa-sec-2020-10).

https://www.wireshark.org/security/wnpa-sec-2020-10.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672
https://www.wireshark.org/lists/wireshark-announce/202008/msg00000.html
Comment 1 Swamp Workflow Management 2020-09-11 13:16:08 UTC
SUSE-SU-2020:2610-1: An update that solves 8 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1058115,1071995,1154366,1165629,1165631,1171988,1172428,1173798,1174205,1174757,1175112,1175122,1175128,1175204,1175213,1175515,1175518,1175691,1175992,1176069
CVE References: CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1, kernel-zfcpdump-4.12.14-150.58.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.58.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 2 Swamp Workflow Management 2020-09-11 13:23:03 UTC
SUSE-SU-2020:2610-1: An update that solves 8 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1058115,1071995,1154366,1165629,1165631,1171988,1172428,1173798,1174205,1174757,1175112,1175122,1175128,1175204,1175213,1175515,1175518,1175691,1175992,1176069
CVE References: CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1, kernel-zfcpdump-4.12.14-150.58.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.58.1, kernel-livepatch-SLE15_Update_20-1-1.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-default-4.12.14-150.58.1, kernel-docs-4.12.14-150.58.1, kernel-obs-build-4.12.14-150.58.1, kernel-source-4.12.14-150.58.1, kernel-syms-4.12.14-150.58.1, kernel-vanilla-4.12.14-150.58.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.58.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2020-11-05 14:19:27 UTC
SUSE-SU-2020:3166-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1175204,1176908,1176909,1176910
CVE References: CVE-2020-17498,CVE-2020-25862,CVE-2020-25863,CVE-2020-25866
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    wireshark-3.2.7-3.41.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    wireshark-3.2.7-3.41.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    wireshark-3.2.7-3.41.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    wireshark-3.2.7-3.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2020-11-08 23:19:38 UTC
openSUSE-SU-2020:1878-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1175204,1176908,1176909,1176910
CVE References: CVE-2020-17498,CVE-2020-25862,CVE-2020-25863,CVE-2020-25866
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    wireshark-3.2.7-lp151.2.15.1
Comment 6 Swamp Workflow Management 2020-11-09 17:20:10 UTC
openSUSE-SU-2020:1882-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1175204,1176908,1176909,1176910
CVE References: CVE-2020-17498,CVE-2020-25862,CVE-2020-25863,CVE-2020-25866
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    wireshark-3.2.7-lp152.2.6.1
Comment 7 Robert Frohl 2021-07-05 07:06:23 UTC
fixed