ArchLinux: 201707-28: wireshark-cli: denial of service
Summary
- CVE-2017-11406 (denial of service)
A security issue has been found in the DOCSIS dissector of wireshark <2.2.7. A crafted packet could make wireshark go into an infinite loop,
causing a denial of service.
- CVE-2017-11407 (denial of service)
A security issue has been found in the MQ dissector of wireshark <2.2.7. A crafted packet could make wireshark try to allocate a huge
amount of memory, resulting in a denial of service.
- CVE-2017-11408 (denial of service)
A security issue has been found in the AMQP dissector of wireshark <2.2.7. A crafted packet could make wireshark overflow the stack by
getting into a infinite recursion loop, causing a denial of service.
- CVE-2017-11410 (denial of service)
A security issue has been found in the WBXML dissector of wireshark <2.2.7. A crafted packet could make wireshark go into an infinite loop,
causing a denial of service. This issue is the result of an incomplete
fix for CVE-2017-7702.
- CVE-2017-11411 (denial of service)
A security issue has been found in the openSAFETY dissector of
wireshark <= 2.2.7. A crafted packet could make wireshark allocate a
huge amount of memory, causing a denial of service. This issue is the
result of an incomplete fix for CVE-2017-9350.
Resolution
Upgrade to 2.2.8-1.
# pacman -Syu "wireshark-cli>=2.2.8-1"
The problems have been fixed upstream in version 2.2.8.
References
https://www.wireshark.org/docs/relnotes/wireshark-2.2.8.html https://www.wireshark.org/security/wnpa-sec-2017-36.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797 https://www.wireshark.org/security/wnpa-sec-2017-35.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13792 https://www.wireshark.org/security/wnpa-sec-2017-34.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13780 https://www.wireshark.org/security/wnpa-sec-2017-13.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13477 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13796 https://www.wireshark.org/security/wnpa-sec-2017-28.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13649 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13755 https://security.archlinux.org/CVE-2017-11406 https://security.archlinux.org/CVE-2017-11407 https://security.archlinux.org/CVE-2017-11408 https://security.archlinux.org/CVE-2017-11410 https://security.archlinux.org/CVE-2017-11411
Workaround
None.