FEDORA-2015-13945

FEDORA-2015-13946

openSUSE-SU-2015:1836

DSA-3367

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

1033272

http://www.wireshark.org/security/wnpa-sec-2015-29.html

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11358

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b1eaf29d4056f05d1bd6a7f3d692553ec069a228

wireshark was updated to version 1.12.8 to fix ten security issues.

These security issues were fixed :

  - CVE-2015-6247: The dissect_openflow_tablemod_v5 function     in epan/dissectors/packet-openflow_v5.c in the OpenFlow     dissector in Wireshark 1.12.x before 1.12.7 did not     validate a certain offset value, which allowed remote     attackers to cause a denial of service (infinite loop)     via a crafted packet (bsc#941500).

  - CVE-2015-6246: The dissect_wa_payload function in     epan/dissectors/packet-waveagent.c in the WaveAgent     dissector in Wireshark 1.12.x before 1.12.7 mishandles     large tag values, which allowed remote attackers to     cause a denial of service (application crash) via a     crafted packet (bsc#941500).

  - CVE-2015-6245: epan/dissectors/packet-gsm_rlcmac.c in     the GSM RLC/MAC dissector in Wireshark 1.12.x before     1.12.7 used incorrect integer data types, which allowed     remote attackers to cause a denial of service (infinite     loop) via a crafted packet (bsc#941500).

  - CVE-2015-6244: The dissect_zbee_secure function in     epan/dissectors/packet-zbee-security.c in the ZigBee     dissector in Wireshark 1.12.x before 1.12.7 improperly     relies on length fields contained in packet data, which     allowed remote attackers to cause a denial of service     (application crash) via a crafted packet (bsc#941500).

  - CVE-2015-6243: The dissector-table implementation in     epan/packet.c in Wireshark 1.12.x before 1.12.7     mishandles table searches for empty strings, which     allowed remote attackers to cause a denial of service     (application crash) via a crafted packet, related to the     (1) dissector_get_string_handle and (2)     dissector_get_default_string_handle functions     (bsc#941500).

  - CVE-2015-6242: The wmem_block_split_free_chunk function     in epan/wmem/wmem_allocator_block.c in the wmem block     allocator in the memory manager in Wireshark 1.12.x     before 1.12.7 did not properly consider a certain case     of multiple realloc operations that restore a memory     chunk to its original size, which allowed remote     attackers to cause a denial of service (incorrect free     operation and application crash) via a crafted packet     (bsc#941500).

  - CVE-2015-6241: The proto_tree_add_bytes_item function in     epan/proto.c in the protocol-tree implementation in     Wireshark 1.12.x before 1.12.7 did not properly     terminate a data structure after a failure to locate a     number within a string, which allowed remote attackers     to cause a denial of service (application crash) via a     crafted packet (bsc#941500).

  - CVE-2015-7830: pcapng file parser could crash while     copying an interface filter (bsc#950437).

  - CVE-2015-6249: The dissect_wccp2r1_address_table_info     function in epan/dissectors/packet-wccp.c in the WCCP     dissector in Wireshark 1.12.x before 1.12.7 did not     prevent the conflicting use of a table for both IPv4 and     IPv6 addresses, which allowed remote attackers to cause     a denial of service (application crash) via a crafted     packet (bsc#941500).

  - CVE-2015-6248: The ptvcursor_add function in the     ptvcursor implementation in epan/proto.c in Wireshark     1.12.x before 1.12.7 did not check whether the expected     amount of data is available, which allowed remote     attackers to cause a denial of service (application     crash) via a crafted packet (bsc#941500).

Wireshark has been updated to 1.12.7. (FATE#319388)

The following vulnerabilities have been fixed :

  - Wireshark could crash when adding an item to the     protocol tree. wnpa-sec-2015-21 CVE-2015-6241

  - Wireshark could attempt to free invalid memory.
    wnpa-sec-2015-22 CVE-2015-6242

  - Wireshark could crash when searching for a protocol     dissector. wnpa-sec-2015-23 CVE-2015-6243

  - The ZigBee dissector could crash. wnpa-sec-2015-24     CVE-2015-6244

  - The GSM RLC/MAC dissector could go into an infinite     loop. wnpa-sec-2015-25 CVE-2015-6245

  - The WaveAgent dissector could crash. wnpa-sec-2015-26     CVE-2015-6246

  - The OpenFlow dissector could go into an infinite loop.
    wnpa-sec-2015-27 CVE-2015-6247

  - Wireshark could crash due to invalid ptvcursor length     checking. wnpa-sec-2015-28 CVE-2015-6248

  - The WCCP dissector could crash. wnpa-sec-2015-29     CVE-2015-6249

  - Further bug fixes and updated protocol support as listed     in:
    https://www.wireshark.org/docs/relnotes/wireshark-1.12.7     .html

Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Enable libnl3 (see rhbz#1207386, rhbz#1247566) - Remove     airpcap switch (doesn't have any effect on Linux) -     Backport patch no. 11 - Fixed building with F24+ * Ver.
    1.12.7

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Wireshark has been updated to 1.12.7. (FATE#319388)

The following vulnerabilities have been fixed :

  - Wireshark could crash when adding an item to the     protocol tree. wnpa-sec-2015-21 CVE-2015-6241

  - Wireshark could attempt to free invalid memory.
    wnpa-sec-2015-22 CVE-2015-6242

  - Wireshark could crash when searching for a protocol     dissector. wnpa-sec-2015-23 CVE-2015-6243

  - The ZigBee dissector could crash. wnpa-sec-2015-24     CVE-2015-6244

  - The GSM RLC/MAC dissector could go into an infinite     loop. wnpa-sec-2015-25 CVE-2015-6245

  - The WaveAgent dissector could crash. wnpa-sec-2015-26     CVE-2015-6246

  - The OpenFlow dissector could go into an infinite loop.
    wnpa-sec-2015-27 CVE-2015-6247

  - Wireshark could crash due to invalid ptvcursor length     checking. wnpa-sec-2015-28 CVE-2015-6248

  - The WCCP dissector could crash. wnpa-sec-2015-29     CVE-2015-6249

  - Further bug fixes and updated protocol support as listed     in:
    https://www.wireshark.org/docs/relnotes/wireshark-1.12.7     .html

Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158 CVE-2015-4652)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities were discovered in the dissectors/parsers for ZigBee, GSM RLC/MAC, WaveAgent, ptvcursor, OpenFlow, WCCP and in internal functions which could result in denial of service.

Wireshark development team reports :

The following vulnerabilities have been fixed.

- wnpa-sec-2015-21

Protocol tree crash. (Bug 11309)

- wnpa-sec-2015-22

Memory manager crash. (Bug 11373)

- wnpa-sec-2015-23

Dissector table crash. (Bug 11381)

- wnpa-sec-2015-24

ZigBee crash. (Bug 11389)

- wnpa-sec-2015-25

GSM RLC/MAC infinite loop. (Bug 11358)

- wnpa-sec-2015-26

WaveAgent crash. (Bug 11358)

- wnpa-sec-2015-27

OpenFlow infinite loop. (Bug 11358)

- wnpa-sec-2015-28

Ptvcursor crash. (Bug 11358)

- wnpa-sec-2015-29

WCCP crash. (Bug 11358)

ID	Name	Product	Family	Severity
86646	openSUSE Security Update : wireshark (openSUSE-2015-683)	Nessus	SuSE Local Security Checks	medium
86347	SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2015:1713-1)	Nessus	SuSE Local Security Checks	medium
86313	Fedora 22 : wireshark-1.12.7-2.fc22 (2015-13945)	Nessus	Fedora Local Security Checks	medium
86289	SUSE SLED11 Security Update : wireshark (SUSE-SU-2015:1676-2)	Nessus	SuSE Local Security Checks	medium
86288	SUSE SLES11 Security Update : wireshark (SUSE-SU-2015:1676-1)	Nessus	SuSE Local Security Checks	medium
86156	Debian DSA-3367-1 : wireshark - security update	Nessus	Debian Local Security Checks	medium
85861	FreeBSD : wireshark -- multiple vulnerabilities (9bdd8eb5-564a-11e5-9ad8-14dae9d210b8)	Nessus	FreeBSD Local Security Checks	medium
85772	Fedora 23 : wireshark-1.12.7-2.fc23 (2015-13946)	Nessus	Fedora Local Security Checks	medium

CVE-2015-6249

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium