Arch Linux Security Advisory ASA-201608-20
=========================================
Severity: Low
Date    : 2016-08-27
CVE-ID  : CVE-2016-6505 CVE-2016-6506 CVE-2016-6508 CVE-2016-6509 
          CVE-2016-6510 CVE-2016-6511 CVE-2016-6512 CVE-2016-6513
Package : wireshark-cli
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package wireshark-cli before version 2.0.5-1 is vulnerable to denial
of service.

Resolution
=========
Upgrade to 2.0.5-1.

# pacman -Syu "wireshark-cli>=2.0.5-1"

The problem has been fixed upstream in version 2.0.5.
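
To confirm that hosts have picked up the fix, the `pacman -Q` output can be
compared against the fixed version given above. The script below is an added
example, not part of the original advisory; the function names and the sample
lines are constructed for illustration, and the `sort -V` fallback is an
assumption that only approximates pacman's ordering when `vercmp` is absent.

```sh
#!/bin/sh
# Added example (not from the advisory): classify `pacman -Q` output lines
# against the fixed version named in ASA-201608-20.

FIXED_VERSION="2.0.5-1"      # fixed version, from the advisory
PACKAGE="wireshark-cli"      # affected package, from the advisory

# older_than A B -> exit status 0 when version A sorts strictly before B.
# Prefers pacman's own `vercmp`; the `sort -V` fallback is an approximation
# that is adequate for plain pkgver-pkgrel strings without an epoch.
older_than() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$1" != "$2" ] &&
            [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# asa_status "<name> <version>" -> prints VULNERABLE, PATCHED or NOT-APPLICABLE
asa_status() {
    name=${1%% *}       # text before the first space
    version=${1#* }     # text after the first space
    if [ "$name" != "$PACKAGE" ] || [ "$name" = "$version" ]; then
        # Different package, or a line that carries no version field.
        echo "NOT-APPLICABLE"
    elif older_than "$version" "$FIXED_VERSION"; then
        echo "VULNERABLE"
    else
        echo "PATCHED"
    fi
}

# Constructed sample lines in `pacman -Q` format, one per hypothetical host.
for line in "wireshark-cli 2.0.4-1" "wireshark-cli 2.0.5-1" \
            "wireshark-cli 2.2.0-1" "tcpdump 4.7.4-1"; do
    printf '%-24s %s\n' "$line" "$(asa_status "$line")"
done
```

On a live system, pass it the real line: asa_status "$(pacman -Q wireshark-cli)".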

Workaround
=========
None.

Description
==========
- CVE-2016-6505 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

- CVE-2016-6506 (denial of service)

It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

- CVE-2016-6508 (denial of service)

It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

- CVE-2016-6509 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

- CVE-2016-6510 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

- CVE-2016-6511 (denial of service)

It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

- CVE-2016-6512 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

- CVE-2016-6513 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

Impact
=====
A remote attacker is able to crash Wireshark or make it consume excessive
CPU resources by injecting a malformed packet or convincing someone to
read a malformed packet trace.

References
=========
https://access.redhat.com/security/cve/CVE-2016-6505
https://access.redhat.com/security/cve/CVE-2016-6506
https://access.redhat.com/security/cve/CVE-2016-6508
https://access.redhat.com/security/cve/CVE-2016-6509
https://access.redhat.com/security/cve/CVE-2016-6510
https://access.redhat.com/security/cve/CVE-2016-6511
https://access.redhat.com/security/cve/CVE-2016-6512
https://access.redhat.com/security/cve/CVE-2016-6513
https://www.wireshark.org/security/wnpa-sec-2016-41.html
https://gitlab.com/wireshark/wireshark/-/issues/12577
;a=commit;h=94e97e45cf614c7bb8fe90c23df52910246b2c95
https://www.wireshark.org/security/wnpa-sec-2016-42.html
https://gitlab.com/wireshark/wireshark/-/issues/12594
;a=commit;h=a9d5256890c9189c7461bfce6ed6edce5d861499
https://www.wireshark.org/security/wnpa-sec-2016-44.html
https://gitlab.com/wireshark/wireshark/-/issues/12660
;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb
https://www.wireshark.org/security/wnpa-sec-2016-45.html
https://gitlab.com/wireshark/wireshark/-/issues/12662
;a=commit;h=5a469ddc893f7c1912d0e15cc73bd3011e6cc2fb
https://www.wireshark.org/security/wnpa-sec-2016-46.html
https://gitlab.com/wireshark/wireshark/-/issues/12664
;a=commit;h=47a5fa850b388fcf4ea762073806f01b459820fe
https://www.wireshark.org/security/wnpa-sec-2016-47.html
https://gitlab.com/wireshark/wireshark/-/issues/12659
;a=commit;h=56706427f53cc64793870bf072c2c06248ae88f3
https://www.wireshark.org/security/wnpa-sec-2016-48.html
https://gitlab.com/wireshark/wireshark/-/issues/12661
;a=commit;h=2193bea3212d74e2a907152055e27d409b59485e
https://www.wireshark.org/security/wnpa-sec-2016-49.html
https://gitlab.com/wireshark/wireshark/-/issues/12663
;a=commit;h=347f071f1b9180563c28b0f3d0627b91eb456c72
