Debian LTS: DLA-1802-1: wireshark security update

    Date: 24 May 2019
    Category: Debian LTS
    Posted By: LinuxSecurity Advisories
    
    Package        : wireshark
    Version        : 1.12.1+g01b65bf-4+deb8u19
    CVE ID         : CVE-2019-10894 CVE-2019-10895 CVE-2019-10899 CVE-2019-10901 
                     CVE-2019-10903
    Debian Bug     : 926718
    
    Several vulnerabilities have been found in wireshark, a network traffic analyzer.
    
    CVE-2019-10894
    
        Assertion failure in dissect_gssapi_work (packet-gssapi.c) leading to
        a crash of the GSS-API dissector. Remote attackers might leverage this
        vulnerability to trigger DoS via a packet containing a crafted GSS-API
        payload.
    
    CVE-2019-10895
    
        Insufficient data validation leading to a large number of heap buffer
        overflows (read and write) in the NetScaler trace handling module
        (netscaler.c). Remote attackers might leverage these vulnerabilities to
        trigger DoS, or any other unspecified impact via crafted packets.
    
    CVE-2019-10899
    
        Heap-based buffer under-read vulnerability in the Service Location
        Protocol dissector. Remote attackers might leverage this
        vulnerability to trigger DoS, or any other unspecified impact via
        crafted SRVLOC packets.
    
    CVE-2019-10901
    
        NULL pointer dereference in the Local Download Sharing Service
        protocol dissector. Remote attackers might leverage this flaw to
        trigger DoS via crafted LDSS packets.
    
    CVE-2019-10903
    
        Missing boundary checks leading to a heap out-of-bounds read
        vulnerability in the Microsoft Spool Subsystem protocol dissector.
        Remote attackers might leverage this vulnerability to trigger DoS,
        or any other unspecified impact via crafted SPOOLSS packets.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    1.12.1+g01b65bf-4+deb8u19.
    
    We recommend that you upgrade your wireshark packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS