==========================================================================
Ubuntu Security Notice USN-6262-1
July 31, 2023

wireshark vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Wireshark.

Software Description:
- wireshark: network traffic analyzer - meta-package

Details:

It was discovered that Wireshark did not properly handle certain
NFS packages when certain configuration options were enabled.
An attacker could possibly use this issue to cause
Wireshark to crash, resulting in a denial of service. (CVE-2020-13164)

It was discovered that Wireshark did not properly handle certain GVCP
packages. An attacker could possibly use this issue to cause
Wireshark to crash, resulting in a denial of service. This issue only
affected Ubuntu 20.04 LTS. (CVE-2020-15466)

It was discovered that Wireshark did not properly handle certain
Kafka packages. An attacker could possibly use this issue to cause
Wireshark to crash, resulting in a denial of service. This issue only
affected Ubuntu 20.04 LTS. (CVE-2020-17498)

It was discovered that Wireshark did not properly handle certain TCP
packages containing an invalid 0xFFFF checksum. An attacker could
possibly use this issue to cause Wireshark to crash, resulting in
a denial of service. (CVE-2020-25862)

It was discovered that Wireshark did not properly handle certain
MIME packages containing invalid parts. An attacker could
possibly use this issue to cause Wireshark to crash, resulting in
a denial of service. (CVE-2020-25863)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
   libwireshark13                  3.2.3-1ubuntu0.1~esm1
   tshark                          3.2.3-1ubuntu0.1~esm1
   wireshark                       3.2.3-1ubuntu0.1~esm1
   wireshark-common                3.2.3-1ubuntu0.1~esm1
   wireshark-gtk                   3.2.3-1ubuntu0.1~esm1
   wireshark-qt                    3.2.3-1ubuntu0.1~esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   libwireshark11                  2.6.10-1~ubuntu18.04.0+esm1
   tshark                          2.6.10-1~ubuntu18.04.0+esm1
   wireshark                       2.6.10-1~ubuntu18.04.0+esm1
   wireshark-common                2.6.10-1~ubuntu18.04.0+esm1
   wireshark-gtk                   2.6.10-1~ubuntu18.04.0+esm1
   wireshark-qt                    2.6.10-1~ubuntu18.04.0+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   libwireshark11                  2.6.10-1~ubuntu16.04.0+esm1
   tshark                          2.6.10-1~ubuntu16.04.0+esm1
   wireshark                       2.6.10-1~ubuntu16.04.0+esm1
   wireshark-common                2.6.10-1~ubuntu16.04.0+esm1
   wireshark-gtk                   2.6.10-1~ubuntu16.04.0+esm1
   wireshark-qt                    2.6.10-1~ubuntu16.04.0+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   libwireshark11                  2.6.10-1~ubuntu14.04.0~esm2
   tshark                          2.6.10-1~ubuntu14.04.0~esm2
   wireshark                       2.6.10-1~ubuntu14.04.0~esm2
   wireshark-common                2.6.10-1~ubuntu14.04.0~esm2
   wireshark-gtk                   2.6.10-1~ubuntu14.04.0~esm2
   wireshark-qt                    2.6.10-1~ubuntu14.04.0~esm2

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6262-1
   CVE-2020-13164, CVE-2020-15466, CVE-2020-17498, CVE-2020-25862,
   CVE-2020-25863

Ubuntu 6262-1: Wireshark vulnerabilities

July 31, 2023
Several security issues were fixed in Wireshark.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS (Available with Ubuntu Pro) - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in Wireshark. Software Description: - wireshark: network traffic analyzer - meta-package Details: It was discovered that Wireshark did not properly handle certain NFS packages when certain configuration options were enabled. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. (CVE-2020-13164) It was discovered that Wireshark did not properly handle certain GVCP packages. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-15466) It was discovered that Wireshark did not properly handle certain Kafka packages. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-17498) It was discovered that Wireshark did not properly handle certain TCP packages containing an invalid 0xFFFF checksum. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. (CVE-2020-25862) It was discovered that Wireshark did not properly handle certain MIME packages containing invalid parts. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. (CVE-2020-25863)

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS (Available with Ubuntu Pro):   libwireshark13                  3.2.3-1ubuntu0.1~esm1   tshark                          3.2.3-1ubuntu0.1~esm1   wireshark                       3.2.3-1ubuntu0.1~esm1   wireshark-common                3.2.3-1ubuntu0.1~esm1   wireshark-gtk                   3.2.3-1ubuntu0.1~esm1   wireshark-qt                    3.2.3-1ubuntu0.1~esm1 Ubuntu 18.04 LTS (Available with Ubuntu Pro):   libwireshark11                  2.6.10-1~ubuntu18.04.0+esm1   tshark                          2.6.10-1~ubuntu18.04.0+esm1   wireshark                       2.6.10-1~ubuntu18.04.0+esm1   wireshark-common                2.6.10-1~ubuntu18.04.0+esm1   wireshark-gtk                   2.6.10-1~ubuntu18.04.0+esm1   wireshark-qt                    2.6.10-1~ubuntu18.04.0+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro):   libwireshark11                  2.6.10-1~ubuntu16.04.0+esm1   tshark                          2.6.10-1~ubuntu16.04.0+esm1   wireshark                       2.6.10-1~ubuntu16.04.0+esm1   wireshark-common                2.6.10-1~ubuntu16.04.0+esm1   wireshark-gtk                   2.6.10-1~ubuntu16.04.0+esm1   wireshark-qt                    2.6.10-1~ubuntu16.04.0+esm1 Ubuntu 14.04 LTS (Available with Ubuntu Pro):   libwireshark11                  2.6.10-1~ubuntu14.04.0~esm2   tshark                          2.6.10-1~ubuntu14.04.0~esm2   wireshark                       2.6.10-1~ubuntu14.04.0~esm2   wireshark-common                2.6.10-1~ubuntu14.04.0~esm2   wireshark-gtk                   2.6.10-1~ubuntu14.04.0~esm2   wireshark-qt                    2.6.10-1~ubuntu14.04.0~esm2 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6262-1

  CVE-2020-13164, CVE-2020-15466, CVE-2020-17498, CVE-2020-25862,

  CVE-2020-25863

Severity
Ubuntu Security Notice USN-6262-1

Package Information

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved