ArchLinux: 201608-20: wireshark-cli: denial of service
Summary
- CVE-2016-6505 (denial of service)
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.
- CVE-2016-6506 (denial of service)
It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.
- CVE-2016-6508 (denial of service)
It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.
- CVE-2016-6509 (denial of service)
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.
- CVE-2016-6510 (denial of service)
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.
- CVE-2016-6511 (denial of service)
It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.
- CVE-2016-6512 (denial of service)
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.
- CVE-2016-6513 (denial of service)
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.
Resolution
Upgrade to 2.0.5-1.
# pacman -Syu "wireshark-cli>=2.0.5-1"
The problem has been fixed upstream in version 2.0.5.
References
https://access.redhat.com/security/cve/CVE-2016-6505
https://access.redhat.com/security/cve/CVE-2016-6506
https://access.redhat.com/security/cve/CVE-2016-6508
https://access.redhat.com/security/cve/CVE-2016-6509
https://access.redhat.com/security/cve/CVE-2016-6510
https://access.redhat.com/security/cve/CVE-2016-6511
https://access.redhat.com/security/cve/CVE-2016-6512
https://access.redhat.com/security/cve/CVE-2016-6513
https://www.wireshark.org/security/wnpa-sec-2016-41.html
https://gitlab.com/wireshark/wireshark/-/issues/12577
;a=commit;h=94e97e45cf614c7bb8fe90c23df52910246b2c95
https://www.wireshark.org/security/wnpa-sec-2016-42.html
https://gitlab.com/wireshark/wireshark/-/issues/12594
;a=commit;h=a9d5256890c9189c7461bfce6ed6edce5d861499
https://www.wireshark.org/security/wnpa-sec-2016-44.html
https://gitlab.com/wireshark/wireshark/-/issues/12660
;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb
https://www.wireshark.org/security/wnpa-sec-2016-45.html
https://gitlab.com/wireshark/wireshark/-/issues/12662
;a=commit;h=5a469ddc893f7c1912d0e15cc73bd3011e6cc2fb
https://www.wireshark.org/security/wnpa-sec-2016-46.html
https://gitlab.com/wireshark/wireshark/-/issues/12664
;a=commit;h=47a5fa850b388fcf4ea762073806f01b459820fe
https://www.wireshark.org/security/wnpa-sec-2016-47.html
https://gitlab.com/wireshark/wireshark/-/issues/12659
;a=commit;h=56706427f53cc64793870bf072c2c06248ae88f3
https://www.wireshark.org/security/wnpa-sec-2016-48.html
https://gitlab.com/wireshark/wireshark/-/issues/12661
;a=commit;h=2193bea3212d74e2a907152055e27d409b59485e
https://www.wireshark.org/security/wnpa-sec-2016-49.html
https://gitlab.com/wireshark/wireshark/-/issues/12663
;a=commit;h=347f071f1b9180563c28b0f3d0627b91eb456c72
Workaround
None.