FEDORA-2015-13945

FEDORA-2015-13946

openSUSE-SU-2015:1836

DSA-3367

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

76387

1033272

http://www.wireshark.org/security/wnpa-sec-2015-28.html

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11358

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3fc4a831e035604b0af14ed8a5c9f6596a3448d0

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b53445e815fd6b652d49df03ec3d60b088c4fbc

Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.

This update also fixes many older less important issues by updating the package to the version found in Debian 8 also known as Jessie.

For Debian 7 'Wheezy', these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u6~deb7u1.

We recommend that you upgrade your wireshark packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248)

The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version.

This update also fixes the following bug :

  - Prior to this update, when using the tshark utility to     capture packets over the interface, tshark failed to     create output files in the .pcap format even if it was     specified using the '-F' option. This bug has been     fixed, the '-F' option is now honored, and the result     saved in the .pcap format as expected.

In addition, this update adds the following enhancement :

  - Previously, wireshark included only microseconds in the     .pcapng format. With this update, wireshark supports     nanosecond time stamp precision to allow for more     accurate time stamps.

All running instances of Wireshark must be restarted for the update to take effect.

Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network.

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248)

The CVE-2015-3182 issue was discovered by Martin Zember of Red Hat.

The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. (BZ#1238676)

This update also fixes the following bug :

* Prior to this update, when using the tshark utility to capture packets over the interface, tshark failed to create output files in the .pcap format even if it was specified using the '-F' option. This bug has been fixed, the '-F' option is now honored, and the result saved in the .pcap format as expected. (BZ#1227199)

In addition, this update adds the following enhancement :

* Previously, wireshark included only microseconds in the .pcapng format. With this update, wireshark supports nanosecond time stamp precision to allow for more accurate time stamps. (BZ#1213339)

All wireshark users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect.

From Red Hat Security Advisory 2015:2393 :

Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network.

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248)

The CVE-2015-3182 issue was discovered by Martin Zember of Red Hat.

The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. (BZ#1238676)

This update also fixes the following bug :

* Prior to this update, when using the tshark utility to capture packets over the interface, tshark failed to create output files in the .pcap format even if it was specified using the '-F' option. This bug has been fixed, the '-F' option is now honored, and the result saved in the .pcap format as expected. (BZ#1227199)

In addition, this update adds the following enhancement :

* Previously, wireshark included only microseconds in the .pcapng format. With this update, wireshark supports nanosecond time stamp precision to allow for more accurate time stamps. (BZ#1213339)

All wireshark users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect.

wireshark was updated to version 1.12.8 to fix ten security issues.

These security issues were fixed :

  - CVE-2015-6247: The dissect_openflow_tablemod_v5 function     in epan/dissectors/packet-openflow_v5.c in the OpenFlow     dissector in Wireshark 1.12.x before 1.12.7 did not     validate a certain offset value, which allowed remote     attackers to cause a denial of service (infinite loop)     via a crafted packet (bsc#941500).

  - CVE-2015-6246: The dissect_wa_payload function in     epan/dissectors/packet-waveagent.c in the WaveAgent     dissector in Wireshark 1.12.x before 1.12.7 mishandles     large tag values, which allowed remote attackers to     cause a denial of service (application crash) via a     crafted packet (bsc#941500).

  - CVE-2015-6245: epan/dissectors/packet-gsm_rlcmac.c in     the GSM RLC/MAC dissector in Wireshark 1.12.x before     1.12.7 used incorrect integer data types, which allowed     remote attackers to cause a denial of service (infinite     loop) via a crafted packet (bsc#941500).

  - CVE-2015-6244: The dissect_zbee_secure function in     epan/dissectors/packet-zbee-security.c in the ZigBee     dissector in Wireshark 1.12.x before 1.12.7 improperly     relies on length fields contained in packet data, which     allowed remote attackers to cause a denial of service     (application crash) via a crafted packet (bsc#941500).

  - CVE-2015-6243: The dissector-table implementation in     epan/packet.c in Wireshark 1.12.x before 1.12.7     mishandles table searches for empty strings, which     allowed remote attackers to cause a denial of service     (application crash) via a crafted packet, related to the     (1) dissector_get_string_handle and (2)     dissector_get_default_string_handle functions     (bsc#941500).

  - CVE-2015-6242: The wmem_block_split_free_chunk function     in epan/wmem/wmem_allocator_block.c in the wmem block     allocator in the memory manager in Wireshark 1.12.x     before 1.12.7 did not properly consider a certain case     of multiple realloc operations that restore a memory     chunk to its original size, which allowed remote     attackers to cause a denial of service (incorrect free     operation and application crash) via a crafted packet     (bsc#941500).

  - CVE-2015-6241: The proto_tree_add_bytes_item function in     epan/proto.c in the protocol-tree implementation in     Wireshark 1.12.x before 1.12.7 did not properly     terminate a data structure after a failure to locate a     number within a string, which allowed remote attackers     to cause a denial of service (application crash) via a     crafted packet (bsc#941500).

  - CVE-2015-7830: pcapng file parser could crash while     copying an interface filter (bsc#950437).

  - CVE-2015-6249: The dissect_wccp2r1_address_table_info     function in epan/dissectors/packet-wccp.c in the WCCP     dissector in Wireshark 1.12.x before 1.12.7 did not     prevent the conflicting use of a table for both IPv4 and     IPv6 addresses, which allowed remote attackers to cause     a denial of service (application crash) via a crafted     packet (bsc#941500).

  - CVE-2015-6248: The ptvcursor_add function in the     ptvcursor implementation in epan/proto.c in Wireshark     1.12.x before 1.12.7 did not check whether the expected     amount of data is available, which allowed remote     attackers to cause a denial of service (application     crash) via a crafted packet (bsc#941500).

Wireshark has been updated to 1.12.7. (FATE#319388)

The following vulnerabilities have been fixed :

  - Wireshark could crash when adding an item to the     protocol tree. wnpa-sec-2015-21 CVE-2015-6241

  - Wireshark could attempt to free invalid memory.
    wnpa-sec-2015-22 CVE-2015-6242

  - Wireshark could crash when searching for a protocol     dissector. wnpa-sec-2015-23 CVE-2015-6243

  - The ZigBee dissector could crash. wnpa-sec-2015-24     CVE-2015-6244

  - The GSM RLC/MAC dissector could go into an infinite     loop. wnpa-sec-2015-25 CVE-2015-6245

  - The WaveAgent dissector could crash. wnpa-sec-2015-26     CVE-2015-6246

  - The OpenFlow dissector could go into an infinite loop.
    wnpa-sec-2015-27 CVE-2015-6247

  - Wireshark could crash due to invalid ptvcursor length     checking. wnpa-sec-2015-28 CVE-2015-6248

  - The WCCP dissector could crash. wnpa-sec-2015-29     CVE-2015-6249

  - Further bug fixes and updated protocol support as listed     in:
    https://www.wireshark.org/docs/relnotes/wireshark-1.12.7     .html

Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Enable libnl3 (see rhbz#1207386, rhbz#1247566) - Remove     airpcap switch (doesn't have any effect on Linux) -     Backport patch no. 11 - Fixed building with F24+ * Ver.
    1.12.7

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Wireshark has been updated to 1.12.7. (FATE#319388)

The following vulnerabilities have been fixed :

  - Wireshark could crash when adding an item to the     protocol tree. wnpa-sec-2015-21 CVE-2015-6241

  - Wireshark could attempt to free invalid memory.
    wnpa-sec-2015-22 CVE-2015-6242

  - Wireshark could crash when searching for a protocol     dissector. wnpa-sec-2015-23 CVE-2015-6243

  - The ZigBee dissector could crash. wnpa-sec-2015-24     CVE-2015-6244

  - The GSM RLC/MAC dissector could go into an infinite     loop. wnpa-sec-2015-25 CVE-2015-6245

  - The WaveAgent dissector could crash. wnpa-sec-2015-26     CVE-2015-6246

  - The OpenFlow dissector could go into an infinite loop.
    wnpa-sec-2015-27 CVE-2015-6247

  - Wireshark could crash due to invalid ptvcursor length     checking. wnpa-sec-2015-28 CVE-2015-6248

  - The WCCP dissector could crash. wnpa-sec-2015-29     CVE-2015-6249

  - Further bug fixes and updated protocol support as listed     in:
    https://www.wireshark.org/docs/relnotes/wireshark-1.12.7     .html

Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158 CVE-2015-4652)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities were discovered in the dissectors/parsers for ZigBee, GSM RLC/MAC, WaveAgent, ptvcursor, OpenFlow, WCCP and in internal functions which could result in denial of service.

Wireshark development team reports :

The following vulnerabilities have been fixed.

- wnpa-sec-2015-21

Protocol tree crash. (Bug 11309)

- wnpa-sec-2015-22

Memory manager crash. (Bug 11373)

- wnpa-sec-2015-23

Dissector table crash. (Bug 11381)

- wnpa-sec-2015-24

ZigBee crash. (Bug 11389)

- wnpa-sec-2015-25

GSM RLC/MAC infinite loop. (Bug 11358)

- wnpa-sec-2015-26

WaveAgent crash. (Bug 11358)

- wnpa-sec-2015-27

OpenFlow infinite loop. (Bug 11358)

- wnpa-sec-2015-28

Ptvcursor crash. (Bug 11358)

- wnpa-sec-2015-29

WCCP crash. (Bug 11358)

ID	Name	Product	Family	Severity
91395	Debian DLA-497-1 : wireshark security update	Nessus	Debian Local Security Checks	high
87578	Scientific Linux Security Update : wireshark on SL7.x x86_64 (20151119)	Nessus	Scientific Linux Local Security Checks	high
87156	CentOS 7 : wireshark (CESA-2015:2393)	Nessus	CentOS Local Security Checks	high
87038	Oracle Linux 7 : wireshark (ELSA-2015-2393)	Nessus	Oracle Linux Local Security Checks	high
86988	RHEL 7 : wireshark (RHSA-2015:2393)	Nessus	Red Hat Local Security Checks	high
86646	openSUSE Security Update : wireshark (openSUSE-2015-683)	Nessus	SuSE Local Security Checks	medium
86347	SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2015:1713-1)	Nessus	SuSE Local Security Checks	medium
86313	Fedora 22 : wireshark-1.12.7-2.fc22 (2015-13945)	Nessus	Fedora Local Security Checks	medium
86289	SUSE SLED11 Security Update : wireshark (SUSE-SU-2015:1676-2)	Nessus	SuSE Local Security Checks	medium
86288	SUSE SLES11 Security Update : wireshark (SUSE-SU-2015:1676-1)	Nessus	SuSE Local Security Checks	medium
86156	Debian DSA-3367-1 : wireshark - security update	Nessus	Debian Local Security Checks	medium
85861	FreeBSD : wireshark -- multiple vulnerabilities (9bdd8eb5-564a-11e5-9ad8-14dae9d210b8)	Nessus	FreeBSD Local Security Checks	medium
85772	Fedora 23 : wireshark-1.12.7-2.fc23 (2015-13946)	Nessus	Fedora Local Security Checks	medium

CVE-2015-6248

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

medium

medium

medium

medium

medium

medium

medium

medium