Bug 1101804 - (CVE-2018-14340) VUL-1: CVE-2018-14340: wireshark: dissectors that support zlib decompression could crash
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/211115/
CVSSv3:SUSE:CVE-2018-14340:5.3:(AV:N...
Reported: 2018-07-19 09:04 UTC by Johannes Segitz
Modified: 2020-06-12 20:52 UTC
Found By: Security Response Team
Description Johannes Segitz 2018-07-19 09:04:30 UTC
CVE-2018-14340

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors
that support zlib decompression could crash. This was addressed in
epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14340
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14675
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=672d882a53f96730e4ef1e5b1639c585823b0df8
https://www.wireshark.org/security/wnpa-sec-2018-36.html
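The class of check named in the description (rejecting a negative length before it reaches a decompressor), shown as an added example that is not part of the bug report and is not Wireshark's code. The `capture_buf` type, the function names, and the sample packet are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical buffer type for this example; not Wireshark's tvbuff. */
typedef struct {
    const uint8_t *data; /* captured bytes */
    size_t len;          /* number of captured bytes */
} capture_buf;

/* zlib's z_stream.avail_in is an unsigned int. This shows the value it
 * would receive if a signed length were assigned without a check. */
unsigned int avail_in_unchecked(int comprlen)
{
    return (unsigned int)comprlen;
}

/* Return the compressed slice to hand to a decompressor, or NULL when the
 * (offset, comprlen) pair is negative, empty, or runs past the capture. */
const uint8_t *compressed_slice(const capture_buf *buf, int offset,
                                int comprlen, size_t *out_len)
{
    if (buf == NULL || buf->data == NULL || out_len == NULL)
        return NULL;
    if (offset < 0 || comprlen <= 0)           /* reject negative lengths */
        return NULL;
    if ((size_t)offset > buf->len)             /* start inside the buffer */
        return NULL;
    if ((size_t)comprlen > buf->len - (size_t)offset) /* no wraparound */
        return NULL;
    *out_len = (size_t)comprlen;
    return buf->data + offset;
}

int main(void)
{
    /* Constructed sample: 2-byte header, then 6 payload bytes. */
    static const uint8_t pkt[] = {0x00, 0x01, 0x78, 0x9c, 0x03, 0x00, 0x00, 0x00};
    capture_buf buf = {pkt, sizeof pkt};
    int declared = 1;               /* constructed length field */
    int comprlen = declared - 2;    /* header subtraction goes negative */
    size_t n = 0;

    printf("unchecked avail_in: %u\n", avail_in_unchecked(comprlen));
    printf("checked: %s\n",
           compressed_slice(&buf, 2, comprlen, &n) ? "accepted" : "rejected");
    return 0;
}
```

The upper-bound comparison subtracts the offset from the buffer length instead of adding the offset to the length, so the check itself cannot overflow.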
Comment 1 Swamp Workflow Management 2018-07-20 10:10:21 UTC
This is an autogenerated message for OBS integration:
This bug (1101804) was mentioned in
https://build.opensuse.org/request/show/624233 Factory / wireshark
Comment 2 Swamp Workflow Management 2018-07-23 21:40:20 UTC
This is an autogenerated message for OBS integration:
This bug (1101804) was mentioned in
https://build.opensuse.org/request/show/624887 42.3 / wireshark
https://build.opensuse.org/request/show/624888 15.0 / wireshark
Comment 4 Swamp Workflow Management 2018-07-24 09:10:40 UTC
This is an autogenerated message for OBS integration:
This bug (1101804) was mentioned in
https://build.opensuse.org/request/show/624961 42.3 / wireshark
https://build.opensuse.org/request/show/624962 15.0 / wireshark
Comment 6 Lingshan Zhu 2018-07-25 09:11:17 UTC
For SLE12: https://build.suse.de/request/show/168850
For SLE11: https://build.suse.de/request/show/168849
Comment 9 Swamp Workflow Management 2018-08-03 19:16:34 UTC
openSUSE-SU-2018:2184-1: An update that fixes 10 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1101776,1101777,1101786,1101788,1101791,1101794,1101800,1101802,1101804,1101810
CVE References: CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369,CVE-2018-14370
Sources used:
openSUSE Leap 15.0 (src):    wireshark-2.4.8-lp150.2.6.1
Comment 10 Swamp Workflow Management 2018-08-03 19:21:09 UTC
openSUSE-SU-2018:2188-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1082692,1101776,1101777,1101786,1101788,1101794,1101800,1101804,1101810
CVE References: CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14368,CVE-2018-14369,CVE-2018-7325
Sources used:
openSUSE Leap 42.3 (src):    wireshark-2.2.16-44.1
Comment 11 Swamp Workflow Management 2018-08-10 13:14:40 UTC
SUSE-SU-2018:2301-1: An update that fixes 10 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1101776,1101777,1101786,1101788,1101791,1101794,1101800,1101802,1101804,1101810
CVE References: CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369,CVE-2018-14370
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    wireshark-2.4.8-3.6.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    wireshark-2.4.8-3.6.1
Comment 12 Swamp Workflow Management 2018-08-17 19:09:14 UTC
SUSE-SU-2018:2412-1: An update that fixes 19 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1094301,1101776,1101777,1101786,1101788,1101791,1101794,1101800,1101802,1101804,1101810
CVE References: CVE-2018-11354,CVE-2018-11355,CVE-2018-11356,CVE-2018-11357,CVE-2018-11358,CVE-2018-11359,CVE-2018-11360,CVE-2018-11361,CVE-2018-11362,CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369,CVE-2018-14370
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    wireshark-2.2.16-40.28.1
SUSE Linux Enterprise Server 11-SP4 (src):    wireshark-2.2.16-40.28.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    wireshark-2.2.16-40.28.1
Comment 14 Swamp Workflow Management 2018-09-27 13:15:19 UTC
SUSE-SU-2018:2891-1: An update that fixes 22 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1094301,1101776,1101777,1101786,1101788,1101791,1101794,1101800,1101802,1101804,1101810,1106514
CVE References: CVE-2018-11354,CVE-2018-11355,CVE-2018-11356,CVE-2018-11357,CVE-2018-11358,CVE-2018-11359,CVE-2018-11360,CVE-2018-11361,CVE-2018-11362,CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369,CVE-2018-14370,CVE-2018-16056,CVE-2018-16057,CVE-2018-16058
Sources used:
SUSE OpenStack Cloud 7 (src):    wireshark-2.4.9-48.29.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    wireshark-2.4.9-48.29.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    wireshark-2.4.9-48.29.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    wireshark-2.4.9-48.29.1
SUSE Linux Enterprise Server 12-SP3 (src):    wireshark-2.4.9-48.29.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    wireshark-2.4.9-48.29.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    wireshark-2.4.9-48.29.1
SUSE Linux Enterprise Server 12-LTSS (src):    wireshark-2.4.9-48.29.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    wireshark-2.4.9-48.29.1
SUSE Enterprise Storage 4 (src):    wireshark-2.4.9-48.29.1
Comment 15 Swamp Workflow Management 2018-10-18 16:14:21 UTC
SUSE-SU-2018:2891-2: An update that fixes 22 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1094301,1101776,1101777,1101786,1101788,1101791,1101794,1101800,1101802,1101804,1101810,1106514
CVE References: CVE-2018-11354,CVE-2018-11355,CVE-2018-11356,CVE-2018-11357,CVE-2018-11358,CVE-2018-11359,CVE-2018-11360,CVE-2018-11361,CVE-2018-11362,CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369,CVE-2018-14370,CVE-2018-16056,CVE-2018-16057,CVE-2018-16058
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    wireshark-2.4.9-48.29.1
Comment 16 Marcus Meissner 2019-01-08 07:45:12 UTC
released
Comment 17 Swamp Workflow Management 2020-03-13 20:18:39 UTC
SUSE-SU-2020:0693-1: An update that fixes 59 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1093733,1094301,1101776,1101777,1101786,1101788,1101791,1101794,1101800,1101802,1101804,1101810,1106514,1111647,1117740,1121231,1121232,1121233,1121234,1121235,1127367,1127369,1127370,1131941,1131945,1136021,1141980,1150690,1156288,1158505,1161052,1165241,1165710,957624
CVE References: CVE-2018-11354,CVE-2018-11355,CVE-2018-11356,CVE-2018-11357,CVE-2018-11358,CVE-2018-11359,CVE-2018-11360,CVE-2018-11361,CVE-2018-11362,CVE-2018-12086,CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369,CVE-2018-14370,CVE-2018-16056,CVE-2018-16057,CVE-2018-16058,CVE-2018-18225,CVE-2018-18226,CVE-2018-18227,CVE-2018-19622,CVE-2018-19623,CVE-2018-19624,CVE-2018-19625,CVE-2018-19626,CVE-2018-19627,CVE-2018-19628,CVE-2019-10894,CVE-2019-10895,CVE-2019-10896,CVE-2019-10897,CVE-2019-10898,CVE-2019-10899,CVE-2019-10900,CVE-2019-10901,CVE-2019-10902,CVE-2019-10903,CVE-2019-13619,CVE-2019-16319,CVE-2019-19553,CVE-2019-5716,CVE-2019-5717,CVE-2019-5718,CVE-2019-5719,CVE-2019-5721,CVE-2019-9208,CVE-2019-9209,CVE-2019-9214,CVE-2020-7044,CVE-2020-9428,CVE-2020-9429,CVE-2020-9430,CVE-2020-9431
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    libmaxminddb-1.4.2-1.3.1, spandsp-0.0.6-3.2.1, wireshark-3.2.2-3.35.2
SUSE Linux Enterprise Server 15-LTSS (src):    libmaxminddb-1.4.2-1.3.1, spandsp-0.0.6-3.2.1, wireshark-3.2.2-3.35.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    spandsp-0.0.6-3.2.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    spandsp-0.0.6-3.2.1, wireshark-3.2.2-3.35.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    libmaxminddb-1.4.2-1.3.1, spandsp-0.0.6-3.2.1, wireshark-3.2.2-3.35.2
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    libmaxminddb-1.4.2-1.3.1, spandsp-0.0.6-3.2.1, wireshark-3.2.2-3.35.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    libmaxminddb-1.4.2-1.3.1, spandsp-0.0.6-3.2.1, wireshark-3.2.2-3.35.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2020-03-19 23:14:47 UTC
openSUSE-SU-2020:0362-1: An update that fixes 59 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1093733,1094301,1101776,1101777,1101786,1101788,1101791,1101794,1101800,1101802,1101804,1101810,1106514,1111647,1117740,1121231,1121232,1121233,1121234,1121235,1127367,1127369,1127370,1131941,1131945,1136021,1141980,1150690,1156288,1158505,1161052,1165241,1165710,957624
CVE References: CVE-2018-11354,CVE-2018-11355,CVE-2018-11356,CVE-2018-11357,CVE-2018-11358,CVE-2018-11359,CVE-2018-11360,CVE-2018-11361,CVE-2018-11362,CVE-2018-12086,CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369,CVE-2018-14370,CVE-2018-16056,CVE-2018-16057,CVE-2018-16058,CVE-2018-18225,CVE-2018-18226,CVE-2018-18227,CVE-2018-19622,CVE-2018-19623,CVE-2018-19624,CVE-2018-19625,CVE-2018-19626,CVE-2018-19627,CVE-2018-19628,CVE-2019-10894,CVE-2019-10895,CVE-2019-10896,CVE-2019-10897,CVE-2019-10898,CVE-2019-10899,CVE-2019-10900,CVE-2019-10901,CVE-2019-10902,CVE-2019-10903,CVE-2019-13619,CVE-2019-16319,CVE-2019-19553,CVE-2019-5716,CVE-2019-5717,CVE-2019-5718,CVE-2019-5719,CVE-2019-5721,CVE-2019-9208,CVE-2019-9209,CVE-2019-9214,CVE-2020-7044,CVE-2020-9428,CVE-2020-9429,CVE-2020-9430,CVE-2020-9431
Sources used:
openSUSE Leap 15.1 (src):    libmaxminddb-1.4.2-lp151.3.3.1, spandsp-0.0.6-lp151.3.3.1, wireshark-3.2.2-lp151.2.9.1