Advisories » MGASA-2018-0151

Updated wireshark packages fix security vulnerabilities

Publication date: 28 Feb 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-7320 , CVE-2018-7321 , CVE-2018-7322 , CVE-2018-7323 , CVE-2018-7324 , CVE-2018-7325 , CVE-2018-7326 , CVE-2018-7327 , CVE-2018-7328 , CVE-2018-7329 , CVE-2018-7330 , CVE-2018-7331 , CVE-2018-7332 , CVE-2018-7333 , CVE-2018-7334 , CVE-2018-7335 , CVE-2018-7336 , CVE-2018-7417 , CVE-2018-7418 , CVE-2018-7419 , CVE-2018-7420 , CVE-2018-9256 , CVE-2018-9259 , CVE-2018-9260 , CVE-2018-9261 , CVE-2018-9262 , CVE-2018-9263 , CVE-2018-9264 , CVE-2018-9265 , CVE-2018-9266 , CVE-2018-9267 , CVE-2018-9268 , CVE-2018-9269 , CVE-2018-9270 , CVE-2018-9271 , CVE-2018-9272 , CVE-2018-9273 , CVE-2018-9274

Description

The SIGCOMP dissector could crash (CVE-2018-7320).

Multiple dissectors could go into large infinite loops. All ASN.1 BER
dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA,
RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB, and WCCP dissectors were
susceptible (CVE-2018-7321,CVE-2018-7322, CVE-2018-7323, CVE-2018-7324,
CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328,
CVE-2018-7329, CVE-2018-7330, CVE-2018-7331, CVE-2018-7332,
CVE-2018-7333).

The UMTS MAC dissector could crash (CVE-2018-7334).

The IEEE 802.11 dissector could crash (CVE-2018-7335)

The FCP dissector could crash (CVE-2018-7336).

The IPMI dissector could crash (CVE-2018-7417).

The SIGCOMP dissector could crash (CVE-2018-7418).

The NBAP disssector could crash (CVE-2018-7419).

The pcapng file parser could crash (CVE-2018-7420).

The LWAPP dissector could crash (CVE-2018-9256).

The MP4 dissector could crash (CVE-2018-9259).

The IEEE 802.15.4 dissector could crash (CVE-2018-9260).

The NBAP dissector could crash (CVE-2018-9261).

The VLAN dissector could crash (CVE-2018-9262).

The Kerberos dissector could crash (CVE-2018-9263).

The ADB dissector could crash (CVE-2018-9264).

Memory leaks in multiple dissectors (CVE-2018-9265, CVE-2018-9266,
CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270,
CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22643
• https://www.wireshark.org/security/wnpa-sec-2018-05.html
• https://www.wireshark.org/security/wnpa-sec-2018-06.html
• https://www.wireshark.org/security/wnpa-sec-2018-07.html
• https://www.wireshark.org/security/wnpa-sec-2018-09.html
• https://www.wireshark.org/security/wnpa-sec-2018-10.html
• https://www.wireshark.org/security/wnpa-sec-2018-11.html
• https://www.wireshark.org/security/wnpa-sec-2018-12.html
• https://www.wireshark.org/security/wnpa-sec-2018-13.html
• https://www.wireshark.org/security/wnpa-sec-2018-14.html
• https://www.wireshark.org/security/wnpa-sec-2018-15.html
• https://www.wireshark.org/security/wnpa-sec-2018-16.html
• https://www.wireshark.org/security/wnpa-sec-2018-17.html
• https://www.wireshark.org/security/wnpa-sec-2018-18.html
• https://www.wireshark.org/security/wnpa-sec-2018-19.html
• https://www.wireshark.org/security/wnpa-sec-2018-20.html
• https://www.wireshark.org/security/wnpa-sec-2018-23.html
• https://www.wireshark.org/docs/relnotes/wireshark-2.2.13.html
• https://www.wireshark.org/docs/relnotes/wireshark-2.2.14.html
• https://www.wireshark.org/news/20180223.html
• https://www.wireshark.org/news/20180403.html
• https://lists.opensuse.org/opensuse-updates/2018-04/msg00015.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7320
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7321
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7322
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7323
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7324
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7325
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7326
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7327
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7328
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7329
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7330
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7331
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7332
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7333
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7334
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7335
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7336
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7417
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7418
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7419
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7420
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9256
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9259
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9260
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9261
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9262
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9263
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9264
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9265
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9266
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9267
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9268
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9269
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9270
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9271
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9272
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9273
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9274

SRPMS

6/core

• wireshark-2.2.14-1.mga6