openSUSE Security Update : Wireshark (openSUSE-2017-840)
High Nessus Plugin ID 101970
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update to Wireshark 2.2.8 fixes some minor vulnerabilities could be used to trigger dissector crashes, infinite loops, or cause excessive use of memory resources by making Wireshark read specially crafted packages from the network or a capture file :
- CVE-2017-7702,CVE-2017-11410: WBMXL dissector infinite loop (wnpa-sec-2017-13)
- CVE-2017-9350,CVE-2017-11411: openSAFETY dissector memory exhaustion (wnpa-sec-2017-28)
- CVE-2017-11408: AMQP dissector crash (wnpa-sec-2017-34)
- CVE-2017-11407: MQ dissector crash (wnpa-sec-2017-35)
- CVE-2017-11406: DOCSIS infinite loop (wnpa-sec-2017-36)
SolutionUpdate the affected Wireshark packages.