ArchLinux: 201901-5: wireshark-cli: multiple issues

    Date: 11 Jan 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package wireshark-cli before version 2.6.6-1 is vulnerable to multiple issues including information disclosure and denial of service.
    Arch Linux Security Advisory ASA-201901-5
    =========================================
    
    Severity: Medium
    Date    : 2019-01-10
    CVE-ID  : CVE-2019-5716 CVE-2019-5717 CVE-2019-5718 CVE-2019-5719
    Package : wireshark-cli
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-844
    
    Summary
    =======
    
    The package wireshark-cli before version 2.6.6-1 is vulnerable to
    multiple issues including information disclosure and denial of service.
    
    Resolution
    ==========
    
    Upgrade to 2.6.6-1.
    
    # pacman -Syu "wireshark-cli>=2.6.6-1"
    
    The problems have been fixed upstream in version 2.6.6.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-5716 (denial of service)
    
    An assertion failure has been found in the 6LoWPAN dissector of
    Wireshark versions prior to 2.6.6, which could be triggered by
    injecting a malformed packet onto the wire or by convincing someone to
    read a malformed packet trace file.
    
    - CVE-2019-5717 (denial of service)
    
    A NULL-pointer dereference has been found in the P_MUL dissector of
    Wireshark versions prior to 2.6.6, which could be triggered by
    injecting a malformed packet onto the wire or by convincing someone to
    read a malformed packet trace file.
    
    - CVE-2019-5718 (information disclosure)
    
    An out-of-bounds read has been found in the RTSE dissector of Wireshark
    versions prior to 2.6.6, which could be triggered by injecting a
    malformed packet onto the wire or by convincing someone to read a
    malformed packet trace file.
    
    - CVE-2019-5719 (denial of service)
    
    A NULL-pointer dereference has been found in the ISAKMP dissector of
    Wireshark versions prior to 2.6.6, which could be triggered by
    injecting a malformed packet onto the wire or by convincing someone to
    read a malformed packet trace file.
    
    Impact
    ======
    
    A remote attacker can crash wireshark or access sensitive information
    via a crafted PCAP file or network packet.
    
    References
    ==========
    
    https://www.wireshark.org/docs/relnotes/wireshark-2.6.6.html
    https://www.wireshark.org/security/wnpa-sec-2019-01
    https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217
    https://code.wireshark.org/review/#/c/31311/
    https://www.wireshark.org/security/wnpa-sec-2019-02
    https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15337
    https://code.wireshark.org/review/#/c/30986/
    https://www.wireshark.org/security/wnpa-sec-2019-03
    https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373
    https://code.wireshark.org/review/#/c/31439/
    https://www.wireshark.org/security/wnpa-sec-2019-04
    https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15374
    https://code.wireshark.org/review/#/c/31219/
    https://security.archlinux.org/CVE-2019-5716
    https://security.archlinux.org/CVE-2019-5717
    https://security.archlinux.org/CVE-2019-5718
    https://security.archlinux.org/CVE-2019-5719
    