SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2016:0109-1)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

This update contains Wireshark 1.12.9 and fixes the following issues :

- CVE-2015-7830: pcapng file parser could crash while
copying an interface filter (bsc#950437)

- CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP
dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x
before 2.0.1 does not validate conversation data, which
allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via a
crafted packet.

- CVE-2015-8712: The dissect_hsdsch_channel_info function
in epan/dissectors/packet-umts_fp.c in the UMTS FP
dissector in Wireshark 1.12.x before 1.12.9 does not
validate the number of PDUs, which allows remote
attackers to cause a denial of service (application
crash) via a crafted packet.

- CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the
UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does
not properly reserve memory for channel ID mappings,
which allows remote attackers to cause a denial of
service (out-of-bounds memory access and application
crash) via a crafted packet.

- CVE-2015-8714: The dissect_dcom_OBJREF function in
epan/dissectors/packet-dcom.c in the DCOM dissector in
Wireshark 1.12.x before 1.12.9 does not initialize a
certain IPv4 data structure, which allows remote
attackers to cause a denial of service (application
crash) via a crafted packet.

- CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the
AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does
not check for empty arguments, which allows remote
attackers to cause a denial of service (infinite loop)
via a crafted packet.

- CVE-2015-8716: The init_t38_info_conv function in
epan/dissectors/packet-t38.c in the T.38 dissector in
Wireshark 1.12.x before 1.12.9 does not ensure that a
conversation exists, which allows remote attackers to
cause a denial of service (application crash) via a
crafted packet.

- CVE-2015-8717: The dissect_sdp function in
epan/dissectors/packet-sdp.c in the SDP dissector in
Wireshark 1.12.x before 1.12.9 does not prevent use of a
negative media count, which allows remote attackers to
cause a denial of service (application crash) via a
crafted packet.

- CVE-2015-8718: Double free vulnerability in
epan/dissectors/packet-nlm.c in the NLM dissector in
Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,
when the 'Match MSG/RES packets for async NLM' option is
enabled, allows remote attackers to cause a denial of
service (application crash) via a crafted packet.

- CVE-2015-8719: The dissect_dns_answer function in
epan/dissectors/packet-dns.c in the DNS dissector in
Wireshark 1.12.x before 1.12.9 mishandles the EDNS0
Client Subnet option, which allows remote attackers to
cause a denial of service (application crash) via a
crafted packet.

- CVE-2015-8720: The dissect_ber_GeneralizedTime function
in epan/dissectors/packet-ber.c in the BER dissector in
Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1
improperly checks an sscanf return value, which allows
remote attackers to cause a denial of service
(application crash) via a crafted packet.

- CVE-2015-8721: Buffer overflow in the tvb_uncompress
function in epan/tvbuff_zlib.c in Wireshark 1.12.x
before 1.12.9 and 2.0.x before 2.0.1 allows remote
attackers to cause a denial of service (application
crash) via a crafted packet with zlib compression.

- CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP
dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x
before 2.0.1 does not validate the frame pointer, which
allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via a
crafted packet.

- CVE-2015-8723: The AirPDcapPacketProcess function in
epan/crypt/airpdcap.c in the 802.11 dissector in
Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1
does not validate the relationship between the total
length and the capture length, which allows remote
attackers to cause a denial of service (stack-based
buffer overflow and application crash) via a crafted

- CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey
function in epan/crypt/airpdcap.c in the 802.11
dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x
before 2.0.1 does not verify the WPA broadcast key
length, which allows remote attackers to cause a denial
of service (out-of-bounds read and application crash)
via a crafted packet.

- CVE-2015-8725: The
dissect_diameter_base_framed_ipv6_prefix function in
epan/dissectors/packet-diameter.c in the DIAMETER
dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x
before 2.0.1 does not validate the IPv6 prefix length,
which allows remote attackers to cause a denial of
service (stack-based buffer overflow and application
crash) via a crafted packet.

- CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser
in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1
does not validate certain signature and Modulation and
Coding Scheme (MCS) data, which allows remote attackers
to cause a denial of service (out-of-bounds read and
application crash) via a crafted file.

- CVE-2015-8727: The dissect_rsvp_common function in
epan/dissectors/packet-rsvp.c in the RSVP dissector in
Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1
does not properly maintain request-key data, which
allows remote attackers to cause a denial of service
(use-after-free and application crash) via a crafted
packet.

- CVE-2015-8728: The Mobile Identity parser in (1)
epan/dissectors/packet-ansi_a.c in the ANSI A dissector
and (2) epan/dissectors/packet-gsm_a_common.c in the GSM
A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x
before 2.0.1 improperly uses the
tvb_bcd_dig_to_wmem_packet_str function, which allows
remote attackers to cause a denial of service (buffer
overflow and application crash) via a crafted packet.

- CVE-2015-8729: The ascend_seek function in
wiretap/ascendtext.c in the Ascend file parser in
Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1
does not ensure the presence of a '\0' character at the
end of a date string, which allows remote attackers to
cause a denial of service (out-of-bounds read and
application crash) via a crafted file.

- CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP
dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x
before 2.0.1 does not validate the number of items,
which allows remote attackers to cause a denial of
service (invalid read operation and application crash)
via a crafted packet.

- CVE-2015-8731: The dissct_rsl_ipaccess_msg function in
epan/dissectors/packet-rsl.c in the RSL dissector in
Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1
does not reject unknown TLV types, which allows remote
attackers to cause a denial of service (out-of-bounds
read and application crash) via a crafted packet.

- CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp
function in epan/dissectors/packet-zbee-zcl-general.c in
the ZigBee ZCL dissector in Wireshark 1.12.x before
1.12.9 and 2.0.x before 2.0.1 does not validate the
Total Profile Number field, which allows remote
attackers to cause a denial of service (out-of-bounds
read and application crash) via a crafted packet.

- CVE-2015-8733: The ngsniffer_process_record function in
wiretap/ngsniffer.c in the Sniffer file parser in
Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1
does not validate the relationships between record
lengths and record header lengths, which allows remote
attackers to cause a denial of service (out-of-bounds
read and application crash) via a crafted file.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/950437
https://bugzilla.suse.com/960382
https://www.suse.com/security/cve/CVE-2015-7830.html
https://www.suse.com/security/cve/CVE-2015-8711.html
https://www.suse.com/security/cve/CVE-2015-8712.html
https://www.suse.com/security/cve/CVE-2015-8713.html
https://www.suse.com/security/cve/CVE-2015-8714.html
https://www.suse.com/security/cve/CVE-2015-8715.html
https://www.suse.com/security/cve/CVE-2015-8716.html
https://www.suse.com/security/cve/CVE-2015-8717.html
https://www.suse.com/security/cve/CVE-2015-8718.html
https://www.suse.com/security/cve/CVE-2015-8719.html
https://www.suse.com/security/cve/CVE-2015-8720.html
https://www.suse.com/security/cve/CVE-2015-8721.html
https://www.suse.com/security/cve/CVE-2015-8722.html
https://www.suse.com/security/cve/CVE-2015-8723.html
https://www.suse.com/security/cve/CVE-2015-8724.html
https://www.suse.com/security/cve/CVE-2015-8725.html
https://www.suse.com/security/cve/CVE-2015-8726.html
https://www.suse.com/security/cve/CVE-2015-8727.html
https://www.suse.com/security/cve/CVE-2015-8728.html
https://www.suse.com/security/cve/CVE-2015-8729.html
https://www.suse.com/security/cve/CVE-2015-8730.html
https://www.suse.com/security/cve/CVE-2015-8731.html
https://www.suse.com/security/cve/CVE-2015-8732.html
https://www.suse.com/security/cve/CVE-2015-8733.html
http://www.nessus.org/u?227a36dd

Solution :

To install this SUSE Security Update, use YaST online_update.
Alternatively, you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP1 :

zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-76=1

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2016-76=1

SUSE Linux Enterprise Server 12-SP1 :

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-76=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2016-76=1

SUSE Linux Enterprise Desktop 12-SP1 :

zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-76=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2016-76=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.4
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true