Debian LTS: DLA-1802-1: wireshark security update

    Date24 May 2019
    CategoryDebian LTS
    805
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been found in wireshark, a network traffic analyzer. CVE-2019-10894
    
    Package        : wireshark
    Version        : 1.12.1+g01b65bf-4+deb8u19
    CVE ID         : CVE-2019-10894 CVE-2019-10895 CVE-2019-10899 CVE-2019-10901 
                     CVE-2019-10903
    Debian Bug     : 926718
    
    Several vulnerabilities have been found in wireshark, a network traffic analyzer.
    
    CVE-2019-10894
    
        Assertion failure in dissect_gssapi_work (packet-gssapi.c) leading to
        crash of the GSS-API dissector. Remote attackers might leverage this
        vulnerability to trigger DoS via a packet containing crafted GSS-API
        payload.
    
    CVE-2019-10895
    
        Insufficient data validation leading to large number of heap buffer
        overflows read and write in the NetScaler trace handling module
        (netscaler.c). Remote attackers might leverage these vulnerabilities to
        trigger DoS, or any other unspecified impact via crafted packets.
    
    CVE-2019-10899
    
        Heap-based buffer under-read vulnerability in the Service Location
        Protocol dissector. Remote attackers might leverage these
        vulnerabilities to trigger DoS, or any other unspecified impact via
        crafted SRVLOC packets.
    
    CVE-2019-10901
    
        NULL pointer dereference in the Local Download Sharing Service
        protocol dissector. Remote attackers might leverage these flaws to
        trigger DoS via crafted LDSS packets.
    
    CVE-2019-10903
    
        Missing boundary checks leading to heap out-of-bounds read
        vulnerability in the Microsoft Spool Subsystem protocol dissector.
        Remote attackers might leverage these vulnerabilities to trigger DoS,
        or any other unspecified impact via crafted SPOOLSS packets.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    1.12.1+g01b65bf-4+deb8u19.
    
    We recommend that you upgrade your wireshark packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    You are not authorised to post comments.

    ccommentViewComments Object ( [document] => [_name:protected] => comments [_models:protected] => Array ( ) [_basePath:protected] => /var/www/www.linuxsecurity.com-443/html/components/com_comment [_defaultModel:protected] => [_layout:protected] => default [_layoutExt:protected] => php [_layoutTemplate:protected] => _ [_path:protected] => Array ( [template] => Array ( [0] => /var/www/www.linuxsecurity.com-443/html/templates/shaperhelix_child/html/com_comment/templates/default/ [1] => /var/www/www.linuxsecurity.com-443/html/components/com_comment/templates/default/ [2] => /var/www/www.linuxsecurity.com-443/html/templates/shaperhelix_child/html/com_content/comments/ [3] => /var/www/www.linuxsecurity.com-443/html/components/com_comment/views/comments/tmpl/ ) [helper] => Array ( [0] => /var/www/www.linuxsecurity.com-443/html/components/com_comment/helpers/ ) ) [_template:protected] => /var/www/www.linuxsecurity.com-443/html/components/com_comment/templates/default/default_menu.php [_output:protected] => [_escape:protected] => htmlspecialchars [_charset:protected] => UTF-8 [_errors:protected] => Array ( ) [baseurl] => [plugin] => CcommentComponentContentPlugin Object ( [row] => stdClass Object ( [id] => 268174 [asset_id] => 0 [title] => Debian LTS: DLA-1802-1: wireshark security update [alias] => debian-lts-dla-1802-1-wireshark-security-update [introtext] => Several vulnerabilities have been found in wireshark, a network traffic analyzer. CVE-2019-10894 [fulltext] =>
    
    Package        : wireshark
    Version        : 1.12.1+g01b65bf-4+deb8u19
    CVE ID         : CVE-2019-10894 CVE-2019-10895 CVE-2019-10899 CVE-2019-10901 
                     CVE-2019-10903
    Debian Bug     : 926718
    
    Several vulnerabilities have been found in wireshark, a network traffic analyzer.
    
    CVE-2019-10894
    
        Assertion failure in dissect_gssapi_work (packet-gssapi.c) leading to
        crash of the GSS-API dissector. Remote attackers might leverage this
        vulnerability to trigger DoS via a packet containing crafted GSS-API
        payload.
    
    CVE-2019-10895
    
        Insufficient data validation leading to large number of heap buffer
        overflows read and write in the NetScaler trace handling module
        (netscaler.c). Remote attackers might leverage these vulnerabilities to
        trigger DoS, or any other unspecified impact via crafted packets.
    
    CVE-2019-10899
    
        Heap-based buffer under-read vulnerability in the Service Location
        Protocol dissector. Remote attackers might leverage these
        vulnerabilities to trigger DoS, or any other unspecified impact via
        crafted SRVLOC packets.
    
    CVE-2019-10901
    
        NULL pointer dereference in the Local Download Sharing Service
        protocol dissector. Remote attackers might leverage these flaws to
        trigger DoS via crafted LDSS packets.
    
    CVE-2019-10903
    
        Missing boundary checks leading to heap out-of-bounds read
        vulnerability in the Microsoft Spool Subsystem protocol dissector.
        Remote attackers might leverage these vulnerabilities to trigger DoS,
        or any other unspecified impact via crafted SPOOLSS packets.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    1.12.1+g01b65bf-4+deb8u19.
    
    We recommend that you upgrade your wireshark packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    [state] => 1 [catid] => 197 [created] => 2019-05-25 03:56:00 [created_by] => 62 [created_by_alias] => LinuxSecurity.com Team [modified] => 2019-05-25 03:56:00 [modified_by] => 0 [checked_out] => 0 [checked_out_time] => 0000-00-00 00:00:00 [publish_up] => 2019-05-25 03:56:00 [publish_down] => 0000-00-00 00:00:00 [images] => {"image_fulltext":"/images/distros-large/debianlts-large.png","float_intro":"","image_intro_caption":"'Debian LTS: DLA-1802-1: wireshark security update'","image_fulltext_caption":"'Debian LTS: DLA-1802-1: wireshark security update'","image_fulltext_alt":"'Debian LTS: DLA-1802-1: wireshark security update'","image_intro_alt":"'Debian LTS: DLA-1802-1: wireshark security update'","float_fulltext":"/images/distros-large/debianlts-large.png","image_intro":"/images/distros-large/debianlts-large.png"} [urls] => [attribs] => [version] => 1 [ordering] => 1 [metakey] => [metadesc] => [access] => 1 [hits] => 805 [metadata] => Joomla\Registry\Registry Object ( [data:protected] => stdClass Object ( [robots] => [author] => [rights] => [xreference] => ) [initialized:protected] => 1 [separator] => . ) [featured] => 0 [language] => * [xreference] => [category_title] => Debian LTS [category_alias] => deblts [category_access] => 1 [author] => LinuxSecurity Advisories [parent_title] => ADVISORIES [parent_id] => 181 [parent_route] => advisories [parent_alias] => advisories [rating] => [rating_count] => [params] => Joomla\Registry\Registry Object ( [data:protected] => stdClass Object ( [article_layout] => _:default [show_title] => 1 [link_titles] => 1 [show_intro] => 1 [info_block_position] => 0 [info_block_show_title] => 1 [show_category] => 1 [link_category] => 1 [show_parent_category] => 0 [link_parent_category] => 0 [show_associations] => 0 [flags] => 1 [show_author] => 1 [link_author] => 0 [show_create_date] => 0 [show_modify_date] => 0 [show_publish_date] => 1 [show_item_navigation] => 1 [show_vote] => 0 [show_readmore] => 1 [show_readmore_title] => 1 [readmore_limit] => 100 [show_tags] => 1 [show_icons] => 1 [show_print_icon] => 1 [show_email_icon] => 0 [show_hits] => 1 [show_noauth] => 0 [urls_position] => 0 [captcha] => [show_publishing_options] => 1 [show_article_options] => 1 [save_history] => 1 [history_limit] => 10 [show_urls_images_frontend] => 0 [show_urls_images_backend] => 1 [targeta] => 0 [targetb] => 0 [targetc] => 0 [float_intro] => left [float_fulltext] => left [category_layout] => _:blog [show_category_heading_title_text] => 1 [show_category_title] => 0 [show_description] => 0 [show_description_image] => 0 [maxLevel] => 1 [show_empty_categories] => 0 [show_no_articles] => 1 [show_subcat_desc] => 1 [show_cat_num_articles] => 0 [show_cat_tags] => 1 [show_base_description] => 1 [maxLevelcat] => -1 [show_empty_categories_cat] => 0 [show_subcat_desc_cat] => 1 [show_cat_num_articles_cat] => 1 [num_leading_articles] => 0 [num_intro_articles] => 5 [num_columns] => 1 [num_links] => 4 [multi_column_order] => 0 [show_subcategory_content] => 0 [show_pagination_limit] => 1 [filter_field] => hide [show_headings] => 1 [list_show_date] => 0 [date_format] => [list_show_hits] => 1 [list_show_author] => 1 [orderby_pri] => alpha [orderby_sec] => rdate [order_date] => created [show_pagination] => 2 [show_pagination_results] => 1 [show_featured] => show [show_feed_link] => 1 [feed_summary] => 0 [feed_show_readmore] => 0 [sef_advanced] => 1 [sef_ids] => 1 [custom_fields_enable] => 0 [show_page_heading] => 0 [layout_type] => blog [menu_text] => 1 [menu_show] => 1 [secure] => 0 [menulayout] => {"width":600,"menuItem":1,"menuAlign":"right","layout":[{"type":"row","attr":[{"type":"column","colGrid":12,"menuParentId":"108","moduleId":""}]}]} [megamenu] => 0 [showmenutitle] => 1 [enable_page_title] => 0 [page_title] => Advisories [page_description] => LinuxSecurity.com is the community's central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals. [page_rights] => [robots] => [access-view] => 1 ) [initialized:protected] => 1 [separator] => . ) [tagLayout] => Joomla\CMS\Layout\FileLayout Object ( [layoutId:protected] => joomla.content.tags [basePath:protected] => [fullPath:protected] => [includePaths:protected] => Array ( ) [options:protected] => Joomla\Registry\Registry Object ( [data:protected] => stdClass Object ( [component] => com_content [client] => 0 ) [initialized:protected] => [separator] => . ) [data:protected] => Array ( ) [debugMessages:protected] => Array ( ) ) [slug] => 268174:debian-lts-dla-1802-1-wireshark-security-update [catslug] => 197:deblts [parent_slug] => 181:advisories [readmore_link] => /advisories/deblts/debian-lts-dla-1802-1-wireshark-security-update [text] => Several vulnerabilities have been found in wireshark, a network traffic analyzer. CVE-2019-10894
    
    Package        : wireshark
    Version        : 1.12.1+g01b65bf-4+deb8u19
    CVE ID         : CVE-2019-10894 CVE-2019-10895 CVE-2019-10899 CVE-2019-10901 
                     CVE-2019-10903
    Debian Bug     : 926718
    
    Several vulnerabilities have been found in wireshark, a network traffic analyzer.
    
    CVE-2019-10894
    
        Assertion failure in dissect_gssapi_work (packet-gssapi.c) leading to
        crash of the GSS-API dissector. Remote attackers might leverage this
        vulnerability to trigger DoS via a packet containing crafted GSS-API
        payload.
    
    CVE-2019-10895
    
        Insufficient data validation leading to large number of heap buffer
        overflows read and write in the NetScaler trace handling module
        (netscaler.c). Remote attackers might leverage these vulnerabilities to
        trigger DoS, or any other unspecified impact via crafted packets.
    
    CVE-2019-10899
    
        Heap-based buffer under-read vulnerability in the Service Location
        Protocol dissector. Remote attackers might leverage these
        vulnerabilities to trigger DoS, or any other unspecified impact via
        crafted SRVLOC packets.
    
    CVE-2019-10901
    
        NULL pointer dereference in the Local Download Sharing Service
        protocol dissector. Remote attackers might leverage these flaws to
        trigger DoS via crafted LDSS packets.
    
    CVE-2019-10903
    
        Missing boundary checks leading to heap out-of-bounds read
        vulnerability in the Microsoft Spool Subsystem protocol dissector.
        Remote attackers might leverage these vulnerabilities to trigger DoS,
        or any other unspecified impact via crafted SPOOLSS packets.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    1.12.1+g01b65bf-4+deb8u19.
    
    We recommend that you upgrade your wireshark packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    [tags] => Joomla\CMS\Helper\TagsHelper Object ( [tagsChanged:protected] => [replaceTags:protected] => [typeAlias] => [itemTags] => Array ( ) ) [jcfields] => Array ( ) [event] => stdClass Object ( [afterDisplayTitle] => [beforeDisplayContent] => ) [prev] => /advisories/deblts/debian-lts-dla-1803-1-php5-security-update [next] => /advisories/deblts/debian-lts-dla-1801-1-zookeeper-security-update [prev_label] => Prev [next_label] => Next [pagination] => [paginationposition] => 1 [paginationrelative] => 0 ) [params] => Joomla\Registry\Registry Object ( [data:protected] => stdClass Object ( [article_layout] => _:default [show_title] => 1 [link_titles] => 1 [show_intro] => 1 [info_block_position] => 0 [info_block_show_title] => 1 [show_category] => 1 [link_category] => 1 [show_parent_category] => 0 [link_parent_category] => 0 [show_associations] => 0 [flags] => 1 [show_author] => 1 [link_author] => 0 [show_create_date] => 0 [show_modify_date] => 0 [show_publish_date] => 1 [show_item_navigation] => 1 [show_vote] => 0 [show_readmore] => 1 [show_readmore_title] => 1 [readmore_limit] => 100 [show_tags] => 1 [show_icons] => 1 [show_print_icon] => 1 [show_email_icon] => 0 [show_hits] => 1 [show_noauth] => 0 [urls_position] => 0 [captcha] => [show_publishing_options] => 1 [show_article_options] => 1 [save_history] => 1 [history_limit] => 10 [show_urls_images_frontend] => 0 [show_urls_images_backend] => 1 [targeta] => 0 [targetb] => 0 [targetc] => 0 [float_intro] => left [float_fulltext] => left [category_layout] => _:blog [show_category_heading_title_text] => 1 [show_category_title] => 0 [show_description] => 0 [show_description_image] => 0 [maxLevel] => 1 [show_empty_categories] => 0 [show_no_articles] => 1 [show_subcat_desc] => 1 [show_cat_num_articles] => 0 [show_cat_tags] => 1 [show_base_description] => 1 [maxLevelcat] => -1 [show_empty_categories_cat] => 0 [show_subcat_desc_cat] => 1 [show_cat_num_articles_cat] => 1 [num_leading_articles] => 0 [num_intro_articles] => 5 [num_columns] => 1 [num_links] => 4 [multi_column_order] => 0 [show_subcategory_content] => 0 [show_pagination_limit] => 1 [filter_field] => hide [show_headings] => 1 [list_show_date] => 0 [date_format] => [list_show_hits] => 1 [list_show_author] => 1 [orderby_pri] => alpha [orderby_sec] => rdate [order_date] => created [show_pagination] => 2 [show_pagination_results] => 1 [show_featured] => show [show_feed_link] => 1 [feed_summary] => 0 [feed_show_readmore] => 0 [sef_advanced] => 1 [sef_ids] => 1 [custom_fields_enable] => 0 [show_page_heading] => 0 [layout_type] => blog [menu_text] => 1 [menu_show] => 1 [secure] => 0 [menulayout] => {"width":600,"menuItem":1,"menuAlign":"right","layout":[{"type":"row","attr":[{"type":"column","colGrid":12,"menuParentId":"108","moduleId":""}]}]} [megamenu] => 0 [showmenutitle] => 1 [enable_page_title] => 0 [page_title] => Advisories [page_description] => LinuxSecurity.com is the community's central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals. [page_rights] => [robots] => [access-view] => 1 ) [initialized:protected] => 1 [separator] => . ) ) [config] => Joomla\Registry\Registry Object ( [data:protected] => stdClass Object ( [basic] => stdClass Object ( [include_categories] => 1 [categories] => Array ( [0] => 179 [1] => 171 [2] => 84 [3] => 83 [4] => 82 [5] => 81 [6] => 80 [7] => 79 [8] => 78 [9] => 77 [10] => 76 [11] => 75 [12] => 74 [13] => 73 [14] => 72 [15] => 69 [16] => 67 [17] => 178 [18] => 181 [19] => 87 [20] => 89 [21] => 91 [22] => 98 [23] => 99 [24] => 100 [25] => 172 [26] => 197 [27] => 198 [28] => 199 [29] => 200 [30] => 182 [31] => 159 [32] => 102 [33] => 183 [34] => 157 [35] => 156 [36] => 184 [37] => 107 [38] => 106 [39] => 105 [40] => 104 [41] => 103 [42] => 185 [43] => 186 [44] => 108 [45] => 187 [46] => 160 [47] => 166 [48] => 169 [49] => 161 [50] => 167 [51] => 162 [52] => 163 [53] => 188 [54] => 170 [55] => 189 [56] => 196 ) [exclude_content_items] => Array ( ) [disable_additional_comments] => Array ( ) ) [security] => stdClass Object ( [authorised_users] => Array ( [0] => 6 [1] => 7 [2] => 2 [3] => 3 [4] => 4 [5] => 5 [6] => 8 ) [auto_publish] => 1 [notify_moderators] => 0 [moderators] => Array ( [0] => 8 ) [captcha] => 1 [captcha_type] => default [maxlength_text] => 30000 ) [layout] => stdClass Object ( [tree] => 1 [sort] => 0 [comments_per_page] => 10 [support_ubb] => 1 [support_pictures] => 0 [pictures_maxwidth] => 200 [voting_visible] => 1 [date_format] => age [show_readon] => 1 [menu_readon] => 0 [intro_only] => 0 [emoticon_pack] => modern ) [template] => stdClass Object ( [template] => default ) [template_params] => stdClass Object ( [emulate_bootstrap] => 1 [minify_scripts] => 0 [notify_users] => 1 [pagination_position] => 0 [form_position] => 1 [form_avatar] => 1 [form_ubb] => 1 [required_user] => 1 [required_email] => 1 [show_rss] => 1 [show_search] => 1 [preview_visible] => 1 [preview_length] => 80 [preview_lines] => 10 ) [integrations] => stdClass Object ( [gravatar] => 1 [support_profiles] => 0 ) [global] => stdClass Object ( [censorship_word_list] => Array ( ) ) ) [initialized:protected] => 1 [separator] => . [id] => 1 [component] => com_content ) [count] => 0 [contentId] => 268174 [component] => com_content [allowedToPost] => [discussionClosed] => [emoticons] => Array ( [:angry:] => /media/com_comment/emoticons/modern/images/Angry.gif [:angry-red:] => /media/com_comment/emoticons/modern/images/Angry-Red.gif [:evil:] => /media/com_comment/emoticons/modern/images/Evil-Toothy.gif [:idea:] => /media/com_comment/emoticons/modern/images/Idea.gif [:love:] => /media/com_comment/emoticons/modern/images/Love.gif [:x] => /media/com_comment/emoticons/modern/images/Mad.gif [:no-comments:] => /media/com_comment/emoticons/modern/images/No-Comments.gif [:ooo:] => /media/com_comment/emoticons/modern/images/Oooo.gif [:pirate:] => /media/com_comment/emoticons/modern/images/Pirate.gif [:?:] => /media/com_comment/emoticons/modern/images/Question.gif [:(] => /media/com_comment/emoticons/modern/images/Sad.gif [:sleep:] => /media/com_comment/emoticons/modern/images/Sleeping.gif [:)] => /media/com_comment/emoticons/modern/images/Smile.gif [,)] => /media/com_comment/emoticons/modern/images/Wink.gif [,))] => /media/com_comment/emoticons/modern/images/Wink-2.gif [:0] => /media/com_comment/emoticons/modern/images/Wooo.gif ) [customfieldsForm] => Joomla\CMS\Form\Form Object ( [data:protected] => Joomla\Registry\Registry Object ( [data:protected] => stdClass Object ( ) [initialized:protected] => [separator] => . ) [errors:protected] => Array ( ) [name:protected] => customfields [options:protected] => Array ( [control] => jform ) [xml:protected] => SimpleXMLElement Object ( [fields] => SimpleXMLElement Object ( [@attributes] => Array ( [name] => customfields ) ) ) [repeat] => ) )

    Comments powered by CComment

    LinuxSecurity Poll

    Have you used our RSS feeds?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    21
    radio
    [{"id":"77","title":"Yes, for articles","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"78","title":"Yes, for advisories","votes":"1","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"79","title":"Hybrid that contains both","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"80","title":"No","votes":"2","type":"x","order":"4","pct":66.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.