{"affected":[{"ecosystem_specific":{"binaries":[{"libsmi":"0.4.5-2.7.2.1","libwireshark8":"2.2.11-40.14.5","libwiretap6":"2.2.11-40.14.5","libwscodecs1":"2.2.11-40.14.5","libwsutil7":"2.2.11-40.14.5","portaudio":"19-234.18.1","portaudio-devel":"19-234.18.1","wireshark":"2.2.11-40.14.5","wireshark-devel":"2.2.11-40.14.5","wireshark-gtk":"2.2.11-40.14.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"libsmi","purl":"pkg:rpm/suse/libsmi&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.4.5-2.7.2.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsmi":"0.4.5-2.7.2.1","libwireshark8":"2.2.11-40.14.5","libwiretap6":"2.2.11-40.14.5","libwscodecs1":"2.2.11-40.14.5","libwsutil7":"2.2.11-40.14.5","portaudio":"19-234.18.1","portaudio-devel":"19-234.18.1","wireshark":"2.2.11-40.14.5","wireshark-devel":"2.2.11-40.14.5","wireshark-gtk":"2.2.11-40.14.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"portaudio","purl":"pkg:rpm/suse/portaudio&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"19-234.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsmi":"0.4.5-2.7.2.1","libwireshark8":"2.2.11-40.14.5","libwiretap6":"2.2.11-40.14.5","libwscodecs1":"2.2.11-40.14.5","libwsutil7":"2.2.11-40.14.5","portaudio":"19-234.18.1","portaudio-devel":"19-234.18.1","wireshark":"2.2.11-40.14.5","wireshark-devel":"2.2.11-40.14.5","wireshark-gtk":"2.2.11-40.14.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 
SP4","name":"wireshark","purl":"pkg:rpm/suse/wireshark&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.11-40.14.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsmi":"0.4.5-2.7.2.1","libwireshark8":"2.2.11-40.14.5","libwiretap6":"2.2.11-40.14.5","libwscodecs1":"2.2.11-40.14.5","libwsutil7":"2.2.11-40.14.5","portaudio":"19-234.18.1","wireshark":"2.2.11-40.14.5","wireshark-gtk":"2.2.11-40.14.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"libsmi","purl":"pkg:rpm/suse/libsmi&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.4.5-2.7.2.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsmi":"0.4.5-2.7.2.1","libwireshark8":"2.2.11-40.14.5","libwiretap6":"2.2.11-40.14.5","libwscodecs1":"2.2.11-40.14.5","libwsutil7":"2.2.11-40.14.5","portaudio":"19-234.18.1","wireshark":"2.2.11-40.14.5","wireshark-gtk":"2.2.11-40.14.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"portaudio","purl":"pkg:rpm/suse/portaudio&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"19-234.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsmi":"0.4.5-2.7.2.1","libwireshark8":"2.2.11-40.14.5","libwiretap6":"2.2.11-40.14.5","libwscodecs1":"2.2.11-40.14.5","libwsutil7":"2.2.11-40.14.5","portaudio":"19-234.18.1","wireshark":"2.2.11-40.14.5","wireshark-gtk":"2.2.11-40.14.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 
SP4","name":"wireshark","purl":"pkg:rpm/suse/wireshark&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.11-40.14.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsmi":"0.4.5-2.7.2.1","libwireshark8":"2.2.11-40.14.5","libwiretap6":"2.2.11-40.14.5","libwscodecs1":"2.2.11-40.14.5","libwsutil7":"2.2.11-40.14.5","portaudio":"19-234.18.1","wireshark":"2.2.11-40.14.5","wireshark-gtk":"2.2.11-40.14.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"libsmi","purl":"pkg:rpm/suse/libsmi&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.4.5-2.7.2.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsmi":"0.4.5-2.7.2.1","libwireshark8":"2.2.11-40.14.5","libwiretap6":"2.2.11-40.14.5","libwscodecs1":"2.2.11-40.14.5","libwsutil7":"2.2.11-40.14.5","portaudio":"19-234.18.1","wireshark":"2.2.11-40.14.5","wireshark-gtk":"2.2.11-40.14.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"portaudio","purl":"pkg:rpm/suse/portaudio&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"19-234.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsmi":"0.4.5-2.7.2.1","libwireshark8":"2.2.11-40.14.5","libwiretap6":"2.2.11-40.14.5","libwscodecs1":"2.2.11-40.14.5","libwsutil7":"2.2.11-40.14.5","portaudio":"19-234.18.1","wireshark":"2.2.11-40.14.5","wireshark-gtk":"2.2.11-40.14.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"wireshark","purl":"pkg:rpm/suse/wireshark&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.11-40.14.5"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\n  \nThis update for wireshark to 
version 2.2.11 fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2017-13767: The MSDP dissector could have gone into an infinite loop.\n  This was addressed by adding length validation (bsc#1056248)\n- CVE-2017-13766: The Profinet I/O dissector could have crashed with an\n  out-of-bounds write. This was addressed by adding string validation\n  (bsc#1056249)\n- CVE-2017-13765: The IrCOMM dissector had a buffer over-read and application\n  crash. This was addressed by adding length validation (bsc#1056251)\n- CVE-2017-9766: PROFINET IO data with a high recursion depth allowed remote\n  attackers to cause a denial of service (stack exhaustion) in the\n  dissect_IODWriteReq function (bsc#1045341)\n- CVE-2017-9617: Deeply nested DAAP data may have caused stack exhaustion\n  (uncontrolled recursion) in the dissect_daap_one_tag function in the DAAP\n  dissector (bsc#1044417)\n- CVE-2017-15192: The BT ATT dissector could crash. This was addressed\n  in epan/dissectors/packet-btatt.c by considering a case where not all\n  of the BTATT packets have the same encapsulation level. (bsc#1062645)\n- CVE-2017-15193: The MBIM dissector could crash or exhaust system\n  memory. This was addressed in epan/dissectors/packet-mbim.c by changing\n  the memory-allocation approach. (bsc#1062645)\n- CVE-2017-15191: The DMP dissector could crash. This was addressed in\n  epan/dissectors/packet-dmp.c by validating a string length. (bsc#1062645)\n- CVE-2017-17083: NetBIOS dissector could crash. This was addressed in\n  epan/dissectors/packet-netbios.c by ensuring that write operations are\n  bounded by the beginning of a buffer. (bsc#1070727)\n- CVE-2017-17084: IWARP_MPA dissector could crash. This was addressed\n  in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU\n  length. (bsc#1070727)\n- CVE-2017-17085: The CIP Safety dissector could crash. This was\n  addressed in epan/dissectors/packet-cipsafety.c by validating the packet\n  length. 
(bsc#1070727)\n","id":"SUSE-SU-2018:0054-1","modified":"2018-01-09T15:42:20Z","published":"2018-01-09T15:42:20Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20180054-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1044417"},{"type":"REPORT","url":"https://bugzilla.suse.com/1045341"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056248"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056249"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056251"},{"type":"REPORT","url":"https://bugzilla.suse.com/1062645"},{"type":"REPORT","url":"https://bugzilla.suse.com/1070727"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13765"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13766"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13767"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15191"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15192"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15193"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-17083"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-17084"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-17085"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9617"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9766"}],"related":["CVE-2017-13765","CVE-2017-13766","CVE-2017-13767","CVE-2017-15191","CVE-2017-15192","CVE-2017-15193","CVE-2017-17083","CVE-2017-17084","CVE-2017-17085","CVE-2017-9617","CVE-2017-9766"],"summary":"Security update for wireshark","upstream":["CVE-2017-13765","CVE-2017-13766","CVE-2017-13767","CVE-2017-15191","CVE-2017-15192","CVE-2017-15193","CVE-2017-17083","CVE-2017-17084","CVE-2017-17085","CVE-2017-9617","CVE-2017-9766"]}