Operating System:

[SUSE]

Published:

16 March 2020

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0926
             SUSE-SU-2020:0693-1 Security update for wireshark
                               16 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           wireshark
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Denial of Service -- Remote/Unauthenticated
                   Reduced Security  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-9431 CVE-2020-9430 CVE-2020-9429
                   CVE-2020-9428 CVE-2020-7044 CVE-2019-19553
                   CVE-2019-16319 CVE-2019-13619 CVE-2019-10903
                   CVE-2019-10902 CVE-2019-10901 CVE-2019-10900
                   CVE-2019-10899 CVE-2019-10898 CVE-2019-10897
                   CVE-2019-10896 CVE-2019-10895 CVE-2019-10894
                   CVE-2019-9214 CVE-2019-9209 CVE-2019-9208
                   CVE-2019-5721 CVE-2019-5719 CVE-2019-5718
                   CVE-2019-5717 CVE-2019-5716 CVE-2018-19628
                   CVE-2018-19627 CVE-2018-19626 CVE-2018-19625
                   CVE-2018-19624 CVE-2018-19623 CVE-2018-19622
                   CVE-2018-18227 CVE-2018-18226 CVE-2018-18225
                   CVE-2018-16058 CVE-2018-16057 CVE-2018-16056
                   CVE-2018-14370 CVE-2018-14369 CVE-2018-14368
                   CVE-2018-14367 CVE-2018-14344 CVE-2018-14343
                   CVE-2018-14342 CVE-2018-14341 CVE-2018-14340
                   CVE-2018-14339 CVE-2018-12086 CVE-2018-11362
                   CVE-2018-11361 CVE-2018-11360 CVE-2018-11359
                   CVE-2018-11358 CVE-2018-11357 CVE-2018-11356
                   CVE-2018-11355 CVE-2018-11354 

Reference:         ASB-2019.0063
                   ESB-2020.0172
                   ESB-2019.3517
                   ESB-2019.1761
                   ESB-2019.0024
                   ESB-2018.2926
                   ESB-2018.1668

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-20200693-1.html

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for wireshark

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:0693-1
Rating:            moderate
References:        #1093733 #1094301 #1101776 #1101777 #1101786 #1101788
                   #1101791 #1101794 #1101800 #1101802 #1101804 #1101810
                   #1106514 #1111647 #1117740 #1121231 #1121232 #1121233
                   #1121234 #1121235 #1127367 #1127369 #1127370 #1131941
                   #1131945 #1136021 #1141980 #1150690 #1156288 #1158505
                   #1161052 #1165241 #1165710 #957624
Cross-References:  CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357
                   CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361
                   CVE-2018-11362 CVE-2018-12086 CVE-2018-14339 CVE-2018-14340
                   CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344
                   CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370
                   CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 CVE-2018-18225
                   CVE-2018-18226 CVE-2018-18227 CVE-2018-19622 CVE-2018-19623
                   CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627
                   CVE-2018-19628 CVE-2019-10894 CVE-2019-10895 CVE-2019-10896
                   CVE-2019-10897 CVE-2019-10898 CVE-2019-10899 CVE-2019-10900
                   CVE-2019-10901 CVE-2019-10902 CVE-2019-10903 CVE-2019-13619
                   CVE-2019-16319 CVE-2019-19553 CVE-2019-5716 CVE-2019-5717
                   CVE-2019-5718 CVE-2019-5719 CVE-2019-5721 CVE-2019-9208
                   CVE-2019-9209 CVE-2019-9214 CVE-2020-7044 CVE-2020-9428
                   CVE-2020-9429 CVE-2020-9430 CVE-2020-9431
Affected Products:
                   SUSE Linux Enterprise Server for SAP 15
                   SUSE Linux Enterprise Server 15-LTSS
                   SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
                   SUSE Linux Enterprise Module for Desktop Applications 15-SP1
                   SUSE Linux Enterprise Module for Basesystem 15-SP1
                   SUSE Linux Enterprise High Performance Computing 15-LTSS
                   SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that fixes 59 vulnerabilities is now available.

Description:

This update for wireshark and libmaxminddb fixes the following issues:
Update wireshark to new major version 3.2.2 and introduce libmaxminddb for
GeoIP support (bsc#1156288).
New features include:

  o Added support for 111 new protocols, including WireGuard, LoRaWAN, TPM 2.0,
    802.11ax and QUIC
  o Improved support for existing protocols, like HTTP/2
  o Improved analytics and usability functionalities

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-693=1
  o SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2020-693=1
  o SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-693=1
  o SUSE Linux Enterprise Module for Desktop Applications 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-693=1
  o SUSE Linux Enterprise Module for Basesystem 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-693=1
  o SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-693=1
  o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-693=1

Package List:

  o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
       libmaxminddb-debugsource-1.4.2-1.3.1
       libmaxminddb-devel-1.4.2-1.3.1
       libmaxminddb0-1.4.2-1.3.1
       libmaxminddb0-debuginfo-1.4.2-1.3.1
       libspandsp2-0.0.6-3.2.1
       libspandsp2-debuginfo-0.0.6-3.2.1
       libwireshark13-3.2.2-3.35.2
       libwireshark13-debuginfo-3.2.2-3.35.2
       libwiretap10-3.2.2-3.35.2
       libwiretap10-debuginfo-3.2.2-3.35.2
       libwsutil11-3.2.2-3.35.2
       libwsutil11-debuginfo-3.2.2-3.35.2
       mmdblookup-1.4.2-1.3.1
       wireshark-3.2.2-3.35.2
       wireshark-debuginfo-3.2.2-3.35.2
       wireshark-debugsource-3.2.2-3.35.2
  o SUSE Linux Enterprise Server for SAP 15 (x86_64):
       libmaxminddb0-32bit-1.4.2-1.3.1
       libmaxminddb0-32bit-debuginfo-1.4.2-1.3.1
  o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
       libmaxminddb-debugsource-1.4.2-1.3.1
       libmaxminddb-devel-1.4.2-1.3.1
       libmaxminddb0-1.4.2-1.3.1
       libmaxminddb0-debuginfo-1.4.2-1.3.1
       libspandsp2-0.0.6-3.2.1
       libspandsp2-debuginfo-0.0.6-3.2.1
       libwireshark13-3.2.2-3.35.2
       libwireshark13-debuginfo-3.2.2-3.35.2
       libwiretap10-3.2.2-3.35.2
       libwiretap10-debuginfo-3.2.2-3.35.2
       libwsutil11-3.2.2-3.35.2
       libwsutil11-debuginfo-3.2.2-3.35.2
       mmdblookup-1.4.2-1.3.1
       wireshark-3.2.2-3.35.2
       wireshark-debuginfo-3.2.2-3.35.2
       wireshark-debugsource-3.2.2-3.35.2
  o SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
    (x86_64):
       libspandsp2-32bit-0.0.6-3.2.1
       libspandsp2-32bit-debuginfo-0.0.6-3.2.1
       spandsp-debugsource-0.0.6-3.2.1
  o SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
    (noarch):
       spandsp-doc-0.0.6-3.2.1
  o SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64
    ppc64le s390x x86_64):
       libspandsp2-0.0.6-3.2.1
       libspandsp2-debuginfo-0.0.6-3.2.1
       spandsp-debugsource-0.0.6-3.2.1
       spandsp-devel-0.0.6-3.2.1
       wireshark-debuginfo-3.2.2-3.35.2
       wireshark-debugsource-3.2.2-3.35.2
       wireshark-devel-3.2.2-3.35.2
       wireshark-ui-qt-3.2.2-3.35.2
       wireshark-ui-qt-debuginfo-3.2.2-3.35.2
  o SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x
    x86_64):
       libmaxminddb-debugsource-1.4.2-1.3.1
       libmaxminddb-devel-1.4.2-1.3.1
       libmaxminddb0-1.4.2-1.3.1
       libmaxminddb0-debuginfo-1.4.2-1.3.1
       libspandsp2-0.0.6-3.2.1
       libspandsp2-debuginfo-0.0.6-3.2.1
       libwireshark13-3.2.2-3.35.2
       libwireshark13-debuginfo-3.2.2-3.35.2
       libwiretap10-3.2.2-3.35.2
       libwiretap10-debuginfo-3.2.2-3.35.2
       libwsutil11-3.2.2-3.35.2
       libwsutil11-debuginfo-3.2.2-3.35.2
       mmdblookup-1.4.2-1.3.1
       wireshark-3.2.2-3.35.2
       wireshark-debuginfo-3.2.2-3.35.2
       wireshark-debugsource-3.2.2-3.35.2
  o SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
       libmaxminddb0-32bit-1.4.2-1.3.1
       libmaxminddb0-32bit-debuginfo-1.4.2-1.3.1
  o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
       libmaxminddb-debugsource-1.4.2-1.3.1
       libmaxminddb-devel-1.4.2-1.3.1
       libmaxminddb0-1.4.2-1.3.1
       libmaxminddb0-debuginfo-1.4.2-1.3.1
       libspandsp2-0.0.6-3.2.1
       libspandsp2-debuginfo-0.0.6-3.2.1
       libwireshark13-3.2.2-3.35.2
       libwireshark13-debuginfo-3.2.2-3.35.2
       libwiretap10-3.2.2-3.35.2
       libwiretap10-debuginfo-3.2.2-3.35.2
       libwsutil11-3.2.2-3.35.2
       libwsutil11-debuginfo-3.2.2-3.35.2
       mmdblookup-1.4.2-1.3.1
       wireshark-3.2.2-3.35.2
       wireshark-debuginfo-3.2.2-3.35.2
       wireshark-debugsource-3.2.2-3.35.2
  o SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
       libmaxminddb0-32bit-1.4.2-1.3.1
       libmaxminddb0-32bit-debuginfo-1.4.2-1.3.1
  o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
       libmaxminddb-debugsource-1.4.2-1.3.1
       libmaxminddb-devel-1.4.2-1.3.1
       libmaxminddb0-1.4.2-1.3.1
       libmaxminddb0-debuginfo-1.4.2-1.3.1
       libspandsp2-0.0.6-3.2.1
       libspandsp2-debuginfo-0.0.6-3.2.1
       libwireshark13-3.2.2-3.35.2
       libwireshark13-debuginfo-3.2.2-3.35.2
       libwiretap10-3.2.2-3.35.2
       libwiretap10-debuginfo-3.2.2-3.35.2
       libwsutil11-3.2.2-3.35.2
       libwsutil11-debuginfo-3.2.2-3.35.2
       mmdblookup-1.4.2-1.3.1
       wireshark-3.2.2-3.35.2
       wireshark-debuginfo-3.2.2-3.35.2
       wireshark-debugsource-3.2.2-3.35.2
  o SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
       libmaxminddb0-32bit-1.4.2-1.3.1
       libmaxminddb0-32bit-debuginfo-1.4.2-1.3.1


References:

  o https://www.suse.com/security/cve/CVE-2018-11354.html
  o https://www.suse.com/security/cve/CVE-2018-11355.html
  o https://www.suse.com/security/cve/CVE-2018-11356.html
  o https://www.suse.com/security/cve/CVE-2018-11357.html
  o https://www.suse.com/security/cve/CVE-2018-11358.html
  o https://www.suse.com/security/cve/CVE-2018-11359.html
  o https://www.suse.com/security/cve/CVE-2018-11360.html
  o https://www.suse.com/security/cve/CVE-2018-11361.html
  o https://www.suse.com/security/cve/CVE-2018-11362.html
  o https://www.suse.com/security/cve/CVE-2018-12086.html
  o https://www.suse.com/security/cve/CVE-2018-14339.html
  o https://www.suse.com/security/cve/CVE-2018-14340.html
  o https://www.suse.com/security/cve/CVE-2018-14341.html
  o https://www.suse.com/security/cve/CVE-2018-14342.html
  o https://www.suse.com/security/cve/CVE-2018-14343.html
  o https://www.suse.com/security/cve/CVE-2018-14344.html
  o https://www.suse.com/security/cve/CVE-2018-14367.html
  o https://www.suse.com/security/cve/CVE-2018-14368.html
  o https://www.suse.com/security/cve/CVE-2018-14369.html
  o https://www.suse.com/security/cve/CVE-2018-14370.html
  o https://www.suse.com/security/cve/CVE-2018-16056.html
  o https://www.suse.com/security/cve/CVE-2018-16057.html
  o https://www.suse.com/security/cve/CVE-2018-16058.html
  o https://www.suse.com/security/cve/CVE-2018-18225.html
  o https://www.suse.com/security/cve/CVE-2018-18226.html
  o https://www.suse.com/security/cve/CVE-2018-18227.html
  o https://www.suse.com/security/cve/CVE-2018-19622.html
  o https://www.suse.com/security/cve/CVE-2018-19623.html
  o https://www.suse.com/security/cve/CVE-2018-19624.html
  o https://www.suse.com/security/cve/CVE-2018-19625.html
  o https://www.suse.com/security/cve/CVE-2018-19626.html
  o https://www.suse.com/security/cve/CVE-2018-19627.html
  o https://www.suse.com/security/cve/CVE-2018-19628.html
  o https://www.suse.com/security/cve/CVE-2019-10894.html
  o https://www.suse.com/security/cve/CVE-2019-10895.html
  o https://www.suse.com/security/cve/CVE-2019-10896.html
  o https://www.suse.com/security/cve/CVE-2019-10897.html
  o https://www.suse.com/security/cve/CVE-2019-10898.html
  o https://www.suse.com/security/cve/CVE-2019-10899.html
  o https://www.suse.com/security/cve/CVE-2019-10900.html
  o https://www.suse.com/security/cve/CVE-2019-10901.html
  o https://www.suse.com/security/cve/CVE-2019-10902.html
  o https://www.suse.com/security/cve/CVE-2019-10903.html
  o https://www.suse.com/security/cve/CVE-2019-13619.html
  o https://www.suse.com/security/cve/CVE-2019-16319.html
  o https://www.suse.com/security/cve/CVE-2019-19553.html
  o https://www.suse.com/security/cve/CVE-2019-5716.html
  o https://www.suse.com/security/cve/CVE-2019-5717.html
  o https://www.suse.com/security/cve/CVE-2019-5718.html
  o https://www.suse.com/security/cve/CVE-2019-5719.html
  o https://www.suse.com/security/cve/CVE-2019-5721.html
  o https://www.suse.com/security/cve/CVE-2019-9208.html
  o https://www.suse.com/security/cve/CVE-2019-9209.html
  o https://www.suse.com/security/cve/CVE-2019-9214.html
  o https://www.suse.com/security/cve/CVE-2020-7044.html
  o https://www.suse.com/security/cve/CVE-2020-9428.html
  o https://www.suse.com/security/cve/CVE-2020-9429.html
  o https://www.suse.com/security/cve/CVE-2020-9430.html
  o https://www.suse.com/security/cve/CVE-2020-9431.html
  o https://bugzilla.suse.com/1093733
  o https://bugzilla.suse.com/1094301
  o https://bugzilla.suse.com/1101776
  o https://bugzilla.suse.com/1101777
  o https://bugzilla.suse.com/1101786
  o https://bugzilla.suse.com/1101788
  o https://bugzilla.suse.com/1101791
  o https://bugzilla.suse.com/1101794
  o https://bugzilla.suse.com/1101800
  o https://bugzilla.suse.com/1101802
  o https://bugzilla.suse.com/1101804
  o https://bugzilla.suse.com/1101810
  o https://bugzilla.suse.com/1106514
  o https://bugzilla.suse.com/1111647
  o https://bugzilla.suse.com/1117740
  o https://bugzilla.suse.com/1121231
  o https://bugzilla.suse.com/1121232
  o https://bugzilla.suse.com/1121233
  o https://bugzilla.suse.com/1121234
  o https://bugzilla.suse.com/1121235
  o https://bugzilla.suse.com/1127367
  o https://bugzilla.suse.com/1127369
  o https://bugzilla.suse.com/1127370
  o https://bugzilla.suse.com/1131941
  o https://bugzilla.suse.com/1131945
  o https://bugzilla.suse.com/1136021
  o https://bugzilla.suse.com/1141980
  o https://bugzilla.suse.com/1150690
  o https://bugzilla.suse.com/1156288
  o https://bugzilla.suse.com/1158505
  o https://bugzilla.suse.com/1161052
  o https://bugzilla.suse.com/1165241
  o https://bugzilla.suse.com/1165710
  o https://bugzilla.suse.com/957624

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXm71LGaOgq3Tt24GAQioCg/8CvjQDism35X+oonxWEkVc/cxfGE8S70g
wafbutRJZn00e+hBuYh6k6fOylHOa+M5EENJHkaBbQcFIxF4qBWhZXIjlx6rQPN1
L3uJe4Txk/1POCgYywiTE3ZO0eIA6KNxxu3wZ2+YcQeBlB2g/dXfPNIWWnFZW8yz
NLYnPpBhX93tbR22eHYUjMQlcGLLOHHscM500C87bsvuJo+1x9YKmgFKvkSrYk8I
EnekniXo0gFXg6Oc4cElzNwqsbbxAWPL650n+iZ1+xCyeoYgxHPxXwqJc/x57Pxc
CchUNeBEgA12d8RDCVGpNy1FJc6Vcglj40t5J+h7qJQ8rvfedplbboayvwPTX2Vf
Z/yqDUrKcJ2kTS1QoNN0ecky658+qH/x2LLHRQR1RXdE0nSktDZXNZUg/ajPMxc2
Z63dZ57PcWlD6mVk+o0cpUonpd3gpUeLD8TUy6DsvMF+A3Ecp2g42V/Y9j0+4AuC
AQ14+nzW9BD0FYVQJjGIdFCt6PiBt9N6CXU1slY+cqdCYbH/+47DoU0lhznBpGR/
8aczvArmEWMRaw5XaMCmNXAkATsI5dunfbyprkxkeIyYZEkMUEzBcJYKCZnHm7ti
SVwabQNn7sKgffzSUSSE1aCPqwyZfQyEaOyHcziiG4991HstVZjWbHenMWs77hsy
uZlqjaX+w6c=
=zZSZ
-----END PGP SIGNATURE-----