Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Ubuntu 18.10, 18.04 LTS, 16.04 LTS: USN-3986-1 High: Wireshark Crash

Calendar May 16, 2019 User Avatar LinuxSecurity Advisories
2 - 3 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory package update network traffic ubuntu crash issue wireshark malicious input
Wireshark could be made to crash if it received specially crafted network traffic or input files. 
=========================================================================Ubuntu Security Notice USN-3986-1
May 16, 2019

Wireshark vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Wireshark could be made to crash if it received specially crafted network
traffic or input files.

Software Description:
- wireshark: network traffic analyzer

Details:

It was discovered that Wireshark improperly handled certain input. A remote or
local attacker could cause Wireshark to crash by injecting malformed packets
onto the wire or convincing someone to read a malformed packet trace file.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  libwireshark-data               2.6.8-1~ubuntu18.10.0
  libwireshark11                  2.6.8-1~ubuntu18.10.0
  libwiretap8                     2.6.8-1~ubuntu18.10.0
  libwscodecs2                    2.6.8-1~ubuntu18.10.0
  libwsutil9                      2.6.8-1~ubuntu18.10.0
  tshark                          2.6.8-1~ubuntu18.10.0
  wireshark                       2.6.8-1~ubuntu18.10.0
  wireshark-common                2.6.8-1~ubuntu18.10.0
  wireshark-gtk                   2.6.8-1~ubuntu18.10.0
  wireshark-qt                    2.6.8-1~ubuntu18.10.0

Ubuntu 18.04 LTS:
  libwireshark-data               2.6.8-1~ubuntu18.04.0
  libwireshark11                  2.6.8-1~ubuntu18.04.0
  libwiretap8                     2.6.8-1~ubuntu18.04.0
  libwscodecs2                    2.6.8-1~ubuntu18.04.0
  libwsutil9                      2.6.8-1~ubuntu18.04.0
  tshark                          2.6.8-1~ubuntu18.04.0
  wireshark                       2.6.8-1~ubuntu18.04.0
  wireshark-common                2.6.8-1~ubuntu18.04.0
  wireshark-gtk                   2.6.8-1~ubuntu18.04.0
  wireshark-qt                    2.6.8-1~ubuntu18.04.0

Ubuntu 16.04 LTS:
  libwireshark-data               2.6.8-1~ubuntu16.04.0
  libwireshark11                  2.6.8-1~ubuntu16.04.0
  libwiretap8                     2.6.8-1~ubuntu16.04.0
  libwscodecs2                    2.6.8-1~ubuntu16.04.0
  libwsutil9                      2.6.8-1~ubuntu16.04.0
  tshark                          2.6.8-1~ubuntu16.04.0
  wireshark                       2.6.8-1~ubuntu16.04.0
  wireshark-common                2.6.8-1~ubuntu16.04.0
  wireshark-gtk                   2.6.8-1~ubuntu16.04.0
  wireshark-qt                    2.6.8-1~ubuntu16.04.0

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3986-1
  CVE-2019-10894, CVE-2019-10895, CVE-2019-10896, CVE-2019-10899,
  CVE-2019-10901, CVE-2019-10903, CVE-2019-9208, CVE-2019-9209,
  CVE-2019-9214

Package Information:
  https://launchpad.net/ubuntu/+source/wireshark/2.6.8-1~ubuntu18.10.0
  https://launchpad.net/ubuntu/+source/wireshark/2.6.8-1~ubuntu18.04.0
  https://launchpad.net/ubuntu/+source/wireshark/2.6.8-1~ubuntu16.04.0

Ubuntu 18.10, 18.04 LTS, 16.04 LTS: USN-3986-1 High: Wireshark Crash

ubuntu
Calendar Grey May 16, 2019
Dist Ubuntu Esm H88
Ubuntu Security Announcement USN-3987-1 tackles a vulnerability in VLC that could lead to unexpected behavior when processing malicious media files. Users are strongly advised to upgrade.
Wireshark could be made to crash if it received specially crafted network traffic or input files.

Summary

Topics%20covered

Topics Covered

security advisory package update network traffic ubuntu crash issue wireshark malicious input

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libwireshark-data 2.6.8-1~ubuntu18.10.0 libwireshark11 2.6.8-1~ubuntu18.10.0 libwiretap8 2.6.8-1~ubuntu18.10.0 libwscodecs2 2.6.8-1~ubuntu18.10.0 libwsutil9 2.6.8-1~ubuntu18.10.0 tshark 2.6.8-1~ubuntu18.10.0 wireshark 2.6.8-1~ubuntu18.10.0 wireshark-common 2.6.8-1~ubuntu18.10.0 wireshark-gtk 2.6.8-1~ubuntu18.10.0 wireshark-qt 2.6.8-1~ubuntu18.10.0 Ubuntu 18.04 LTS: libwireshark-data 2.6.8-1~ubuntu18.04.0 libwireshark11 2.6.8-1~ubuntu18.04.0 libwiretap8 2.6.8-1~ubuntu18.04.0 libwscodecs2 2.6.8-1~ubuntu18.04.0 libwsutil9 2.6.8-1~ubuntu18.04.0 tshark 2.6.8-1~ubuntu18.04.0 wireshark 2.6.8-1~ubuntu18.04.0 wireshark-common 2.6.8-1~ubuntu18.04.0 wireshark-gtk 2.6.8-1~ubuntu18.04.0 wireshark-qt 2.6.8-1~ubuntu18.04.0 Ubuntu 16.04 LTS: libwireshark-data 2.6.8-1~ubuntu16.04.0 libwireshark11 2.6.8-1~ubuntu16.04.0 libwiretap8 2.6.8-1~ubuntu16.04.0 libwscodecs2 2.6.8-1~ubuntu16.04.0 libwsutil9 2.6.8-1~ubuntu16.04.0 tshark 2.6.8-1~ubuntu16.04.0 wireshark 2.6.8-1~ubuntu16.04.0 wireshark-common 2.6.8-1~ubuntu16.04.0 wireshark-gtk 2.6.8-1~ubuntu16.04.0 wireshark-qt 2.6.8-1~ubuntu16.04.0 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3986-1

CVE-2019-10894, CVE-2019-10895, CVE-2019-10896, CVE-2019-10899,

CVE-2019-10901, CVE-2019-10903, CVE-2019-9208, CVE-2019-9209,

CVE-2019-9214

May 16, 2019

Topics%20covered

Topics Covered

security advisory package update network traffic ubuntu crash issue wireshark malicious input

Package Information

https://launchpad.net/ubuntu/+source/wireshark/2.6.8-1~ubuntu18.10.0 https://launchpad.net/ubuntu/+source/wireshark/2.6.8-1~ubuntu18.04.0 https://launchpad.net/ubuntu/+source/wireshark/2.6.8-1~ubuntu16.04.0

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here