Univention Bugzilla – Bug 47992
wireshark: Multiple issues (4.3)
Last modified: 2018-10-17 14:57:25 CEST
New Debian wireshark 2.6.3-1~deb9u1 fixes:

This update addresses the following issues:
* MSNIP dissector crash (wnpa-sec-2017-30) (CVE-2017-9343)
* BT L2CAP dissector divide by zero (wnpa-sec-2017-29) (CVE-2017-9344)
* DNS dissector infinite loop (wnpa-sec-2017-26) (CVE-2017-9345)
* SoulSeek dissector infinite loop (wnpa-sec-2017-25) (CVE-2017-9346)
* ROS dissector crash (wnpa-sec-2017-31) (CVE-2017-9347)
* DOF dissector read overflow (wnpa-sec-2017-23) (CVE-2017-9348)
* DICOM dissector infinite loop (wnpa-sec-2017-27) (CVE-2017-9349)
* openSAFETY dissector memory exhaustion (wnpa-sec-2017-28) (CVE-2017-9350)
* DHCP dissector read overflow (wnpa-sec-2017-24) (CVE-2017-9351)
* Bazaar dissector infinite loop (wnpa-sec-2017-22) (CVE-2017-9352)
* IPv6 dissector crash (wnpa-sec-2017-33) (CVE-2017-9353)
* RGMP dissector crash (wnpa-sec-2017-32) (CVE-2017-9354)
* Overly deep mp4 chunks may cause stack exhaustion (CVE-2017-9616)
* Deeply nested DAAP data may cause stack exhaustion (CVE-2017-9617)
* PROFINET IO data with a high recursion depth can cause stack exhaustion (CVE-2017-9766)
* DOCSIS infinite loop (wnpa-sec-2017-36) (CVE-2017-11406)
* MQ dissector crash (wnpa-sec-2017-35) (CVE-2017-11407)
* WBXML dissector infinite loop (wnpa-sec-2017-13) (CVE-2017-11410)
* Modbus dissector crash (wnpa-sec-2017-40) (CVE-2017-13764)
* IrCOMM dissector buffer overrun (wnpa-sec-2017-41) (CVE-2017-13765)
* MSDP dissector infinite loop (wnpa-sec-2017-38) (CVE-2017-13767)
* DOCSIS infinite loop (CVE-2017-15189)
* DMP dissector crash (CVE-2017-15191)
* BT ATT dissector crash (CVE-2017-15192)
* MBIM dissector crash (CVE-2017-15193)
* denial of service in the File_read_line function in epan/wslua/wslua_file.c (CVE-2017-17935)
* Misuse of NULL pointer in MRDISC dissector (CVE-2017-17997)
* In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type. (CVE-2018-7321)
* In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. (CVE-2018-7322)
* In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. (CVE-2018-7323)
* In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. (CVE-2018-7324)
* In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. (CVE-2018-7325)
* In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. (CVE-2018-7326)
* In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. (CVE-2018-7329)
* In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. (CVE-2018-7331)
* In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. (CVE-2018-7332)
* In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. (CVE-2018-7333)
* FCP dissector crash in packet-fcp.c (CVE-2018-7336)
* DOCSIS dissector crash in packet-docsis.c by injecting a malformed packet (CVE-2018-7337)
* IPMI dissector crash in packet-ipmi-picmg.c (CVE-2018-7417)
* SIGCOMP dissector crash in packet-sigcomp.c (CVE-2018-7418)
* Pcapng file parser crash in pcapng.c (CVE-2018-7420)
* In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. (CVE-2018-7421)
* stack overflow via crafted LWAPP Layer 3 Packet (CVE-2018-9256)
* infinite loop in the CQL dissector in epan/dissectors/packet-cql.c (CVE-2018-9257)
* TCP dissector could crash in epan/dissectors/packet-tcp.c (CVE-2018-9258)
* MP4 dissector crash in epan/dissectors/file-mp4.c (CVE-2018-9259)
* IEEE 802.15.4 dissector crash in epan/dissectors/packet-ieee802154.c (CVE-2018-9260)
* VLAN dissector crash in epan/dissectors/packet-vlan.c (CVE-2018-9262)
* Kerberos dissector crash in epan/dissectors/packet-kerberos.c (CVE-2018-9263)
* memory leak in epan/dissectors/packet-tn3270.c (CVE-2018-9265)
* memory leak in epan/dissectors/packet-isup.c (CVE-2018-9266)
* memory leak in epan/dissectors/packet-lapd.c (CVE-2018-9267)
* memory leak in epan/dissectors/packet-smb2.c (CVE-2018-9268)
* memory leak in epan/dissectors/packet-giop.c (CVE-2018-9269)
* memory leak in epan/oids.c (CVE-2018-9270)
* memory leak in epan/dissectors/packet-multipart.c (CVE-2018-9271)
* memory leak in epan/dissectors/packet-h223.c (CVE-2018-9272)
* DNS dissector crash in packet-dns.c (CVE-2018-11356)
* Uncontrolled Resource Consumption in epan/tvbuff.c (CVE-2018-11357)
* Out-of-bounds Read in proto.c (CVE-2018-11359)
* Heap-based Buffer Overflow in dot11decrypt.c (CVE-2018-11361)
* MMSE dissector infinite loop (wnpa-sec-2018-38) (CVE-2018-14339)
* Multiple dissectors could crash (wnpa-sec-2018-36) (CVE-2018-14340)
* DICOM dissector infinite loop (wnpa-sec-2018-39) (CVE-2018-14341)
* BGP dissector large loop (wnpa-sec-2018-34) (CVE-2018-14342)
* ASN.1 BER and related dissectors crash (wnpa-sec-2018-37) (CVE-2018-14343)
* ISMP dissector crash (wnpa-sec-2018-35) (CVE-2018-14344)
* Bazaar dissector infinite loop (wnpa-sec-2018-40) (CVE-2018-14368)
* HTTP2 dissector infinite loop (wnpa-sec-2018-41) (CVE-2018-14369)
* Bluetooth Attribute Protocol dissector crash (CVE-2018-16056)
* Radiotap dissector crash (CVE-2018-16057)
* Bluetooth AVDTP dissector crash (CVE-2018-16058)
--- mirror/ftp/4.3/unmaintained/4.3-2/source/wireshark_2.2.6+g32dac6a-2+deb9u3.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/wireshark_2.6.3-1~deb9u1.dsc 
@@ -1,21 +1,277 @@ -2.2.6+g32dac6a-2+deb9u3 [Wed, 30 May 2018 00:08:09 +0200] Moritz Mühlenhoff <jmm@debian.org>: - - * CVE-2017-9273 / CVE-2018-11358 / CVE-2018-11360 / CVE-2018-11362 - CVE-2018-7320 / CVE-2018-7334 / CVE-2018-7335 / CVE-2018-7419 - CVE-2018-9261 / CVE-2018-9264 - -2.2.6+g32dac6a-2+deb9u2 [Sun, 22 Jan 2018 18:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: - - * Non-maintainer upload by the Wheezy LTS Team. - * fix for CVE-2018-5334 - * fix for CVE-2018-5335 - * fix for CVE-2018-5336 - Several parsers of wireshark could be crashed by malformed packets. - -2.2.6+g32dac6a-2+deb9u1 [Mon, 04 Dec 2017 23:26:23 +0100] Moritz Mühlenhoff <jmm@debian.org>: - - * CVE-2017-11408 / CVE-2017-13766 / CVE-2017-17083.patch / CVE-2017-17084.patch - CVE-2017-17085 +2.6.3-1~deb9u1 [Tue, 02 Oct 2018 21:11:06 +0200] Balint Reczey <rbalint@ubuntu.com>: + + * Rebuild for stretch + +2.6.3-1 [Thu, 30 Aug 2018 12:59:09 +0200] Balint Reczey <rbalint@ubuntu.com>: + + * Use GLX extension in autopkgtest, Qt needs it + * New upstream version 2.6.3 + - release notes: + https://www.wireshark.org/docs/relnotes/wireshark-2.6.3.html + - security fixes: + - Bluetooth AVDTP dissector crash. (CVE-2018-16058) + - Bluetooth Attribute Protocol dissector crash. (CVE-2018-16056) + - Radiotap dissector crash. (CVE-2018-16057) + * Refresh patches + * Update symbols + +2.6.2-2 [Mon, 30 Jul 2018 04:31:02 +0800] Balint Reczey <rbalint@ubuntu.com>: + + * Add missing autopkgtest dependencies (Closes: #904920) + * Use automatic xvfb server number in tests + * Add Lintian override for extra patch for backporting + +2.6.2-1 [Fri, 27 Jul 2018 12:41:38 +0800] Balint Reczey <rbalint@ubuntu.com>: + + * Fix shipping README.Debian (Closes: #903722) + * Drop unused 06_release-version.patch. + * Drop unused backport-to-qt4.patch. + * Refresh backport-to-old-gnutls.patch. + * Skip building users and developers guide on Trusty. 
+ Asciidoctor does not accept --require option there and breaks the build + and people can read documentation on more recent releases if they wish to. + * Add autopkgtest for testing starting GUI. + * New upstream release + - release notes: + https://www.wireshark.org/docs/relnotes/wireshark-2.6.2.html + - security fixes: + - BGP dissector large loop (CVE-2018-14342) + - ISMP dissector crash (CVE-2018-14344) + - Multiple dissectors could crash (CVE-2018-14340) + - ASN.1 BER dissector crash (CVE-2018-14343) + - MMSE dissector infinite loop (CVE-2018-14339) + - DICOM dissector crash (CVE-2018-14341) + - Bazaar dissector infinite loop (CVE-2018-14368) + - HTTP2 dissector crash (CVE-2018-14369) + - CoAP dissector crash (CVE-2018-14367) + * Drop patches fixing shared library names, they are fixed upstream + * Refresh patches + * Update symbols files + +2.6.1-1 [Fri, 22 Jun 2018 18:42:57 +0200] Balint Reczey <rbalint@ubuntu.com>: + + [ Balint Reczey ] + * New upstream release + - release notes: + https://www.wireshark.org/docs/relnotes/wireshark-2.6.1.html + - security fixes (Closes: #900708): + - The LDSS dissector could crash. (CVE-2018-11362) + - The IEEE 1905.1a dissector could crash. (CVE-2018-11354) + - The RTCP dissector could crash. (CVE-2018-11355) + - Multiple dissectors could consume excessive memory. (CVE-2018-11357) + - The DNS dissector could crash. (CVE-2018-11356) + - The GSM A DTAP dissector could crash. (CVE-2018-11360) + - The Q.931 dissector could crash. (CVE-2018-11358) + - The IEEE 802.11 dissector could crash. (CVE-2018-11361) + - Multiple dissectors could crash. (CVE-2018-11359) + * debian/gbp.conf: describe repository layout + * Update Vcs-{Browser|Git} to point to Salsa + * Drop packaging changes for ipmap.html since it is also dropped upstream. + * Refresh patches. + * Switch to use asciidoctor instead of asciidoc + * Fix shared library symlink names. + * Update shared library package names and symbols files. 
+ * Adjust packaging to upstream file name changes. + * Ship README.Debian in every binary package. + * Ship asn2deb and idl2deb documentation. + + [ Peter Wu ] + * remove imagemagick build dependency and demote xdg-utils deps + xdg-utils is needed for xdg-open (opening websites) at runtime in GTK+, + but not for Qt nor during the build, remove it or mark it as optional. + * debian/rules: Skip installing icons and .desktop files. + They are now installed by CMake + + [ Gerald Combs ] + * Transition from GeoIP Legacy to MaxMindDB. + MaxMind is discontinuing its legacy databases in April in favor of + GeoIP2, which use a newer database format (MaxMind DB). The reference C + library (libmaxminddb) is available under the Apache 2.0 license which + isn't quite compatible with ours. + + [ Guy Harris ] + * Give more detailed information about capture permissions on Debian. + Indicate what you're supposed to do when running dpkg-reconfigure + wireshark-common, and indicate that you have to run it as root using + sudo. + Emphasize in README.Debian, and indicate in the permission failure + secondary message, that you have to add users to the "wireshark" group + after doing that, and that a user may have to log out and log in again + to make this change take effect. + +2.4.6-1 [Sun, 29 Apr 2018 21:27:02 +0200] Balint Reczey <rbalint@ubuntu.com>: + + [ Yuri Kozlov ] + * Updated Russian translation for debconf messages (Closes: #892902) + + [ Balint Reczey ] + * New upstream release + - release notes: + https://www.wireshark.org/docs/relnotes/wireshark-2.4.6.html + - security fixes: + - The MP4 dissector could crash. (CVE-2018-9259) + - The ADB dissector could crash. (CVE-2018-9264) + - The IEEE 802.15.4 dissector could crash. () + - The NBAP dissector could crash. (CVE-2018-9261) + - The VLAN dissector could crash. (CVE-2018-9262) + - The LWAPP dissector could crash. (CVE-2018-9256) + - The TCP dissector could crash. 
(CVE-2018-9258) + - The CQL dissector could to into an infinite loop. (CVE-2018-9257) + - The Kerberos dissector could crash. (CVE-2018-9263) + - Multiple dissectors and other modules could leak memory. + The TN3270 (CVE-2018-9265), ISUP (CVE-2018-9266), + LAPD (CVE-2018-9267), SMB2 (CVE-2018-9268), + GIOP (CVE-2018-9269), ASN.1 (CVE-2018-9270), + MIME multipart (CVE-2018-9271), H.223 (CVE-2018-9272), + and PCP (CVE-2018-9273) dissectors were susceptible along with + Wireshark (CVE-2018-9274) and TShark. + +2.4.5-1 [Mon, 26 Feb 2018 16:45:39 +0700] Balint Reczey <rbalint@ubuntu.com>: + + * New upstream release + - release notes: + https://www.wireshark.org/docs/relnotes/wireshark-2.4.5.html + - security fixes: + - The SIGCOMP dissector could crash (CVE-2018-7320, CVE-2018-7418) + - Multiple dissectors could go into large infinite loops. + All ASN.1 BER dissectors, along with the DICOM, DMP, LLTD, OpenFlow, + RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB, + and WCCP dissectors were susceptible. 
(CVE-2018-7321, CVE-2018-7322, + CVE-2018-7323, CVE-2018-7324, CVE-2018-7325, CVE-2018-7326, + CVE-2018-7327, CVE-2018-7328, CVE-2018-7329, CVE-2018-7330, + CVE-2018-7331, CVE-2018-7332, CVE-2018-7333) + - The UMTS MAC dissector could crash (CVE-2018-7334) + - The IEEE 802.11 dissector could crash (CVE-2018-7335) + - The FCP dissector could crash (CVE-2018-7336) + - The DOCSIS dissector could crash (CVE-2018-7337) + - The IPMI dissector could crash (CVE-2018-7417) + - The NBAP disssector could crash (CVE-2018-7419) + - The pcapng file parser could crash (CVE-2018-7420) + * Only recommend libjs-openlayers (Closes: #888744) + +2.4.4-1 [Sat, 13 Jan 2018 01:31:25 +0100] Balint Reczey <rbalint@ubuntu.com>: + + * New upstream release + - release notes: + https://www.wireshark.org/docs/relnotes/wireshark-2.4.4.html + - security fixes: + - Multiple dissectors could crash (CVE-2018-5336) + - The IxVeriWave file parser could crash (CVE-2018-5334) + - The WCP dissector could crash (CVE-2018-5335) + - Prior to this release dumpcap enabled the Linux kernel’s BPF JIT + compiler via the net.core.bpf_jit_enable sysctl. 
This could make + systems more vulnerable to Spectre variant 1 (CVE-2017-5753) and + this feature has been removed (Closes: #886619) + - There was a potential buffer underflow in File_read_line function + in epan/wslua/wslua_file.c file (CVE-2017-17935) (Closes: #885831) + * Update symbols files + * Fix dh_clean target in debian/rules + * Change wireshark-doc's priority to optional from extra following Policy + change + +2.4.3-1 [Sun, 03 Dec 2017 22:49:15 +0100] Balint Reczey <rbalint@ubuntu.com>: + + * Show version info instead of just "Git Rev Unknown from unknown" + * New upstream release + - release notes: + https://www.wireshark.org/docs/relnotes/wireshark-2.4.3.html + - security fixes: + - The IWARP_MPA dissector could crash (CVE-2017-17084) + - The NetBIOS dissector could crash (CVE-2017-17083) + Discovered by Kamil Frankowicz + - The CIP Safety dissector could crash (CVE-2017-17085) + +2.4.2-1 [Wed, 11 Oct 2017 23:41:59 +0200] Balint Reczey <rbalint@ubuntu.com>: + + [ Pedro Ribeiro ] + * Updated Portuguese translation for debconf messages (Closes: #874522) + + [ Balint Reczey ] + * New upstream release + - release notes: + https://www.wireshark.org/docs/relnotes/wireshark-2.4.2.html + - security fixes: + - BT ATT dissector crash (CVE-2017-15192) + - MBIM dissector crash (CVE-2017-15193) + - DMP dissector crash (CVE-2017-15191) + - RTSP dissector crash (CVE-2017-15190) + - DOCSIS infinite loop (CVE-2017-15189) + [ Helge Kreutzmann ] + * Updated German translation for debconf messages (Closes: #877636) + + [ Frans Spiesschaert ] + * Updated Dutch translation for debconf messages (Closes: #877244) + +2.4.1-1 [Thu, 31 Aug 2017 09:46:17 +0200] Balint Reczey <rbalint@ubuntu.com>: + + * New upstream release + - release notes: + https://www.wireshark.org/docs/relnotes/wireshark-2.4.1.html + - security fixes: + - MSDP dissector infinite loop (CVE-2017-13767) + - Profinet I/O buffer overrun (CVE-2017-13766) + - Modbus dissector crash (CVE-2017-13764) + - IrCOMM 
dissector buffer overrun (CVE-2017-13765) + * Refresh patches + * Drop 0001-Set-libwscodecs.so-s-version-to-1.1.0.patch which is now + integrated upstream + +2.4.0-1 [Sun, 06 Aug 2017 13:22:45 -0400] Balint Reczey <rbalint@ubuntu.com>: + + * Use debconf messages instead of "echo" in postinst/postrm (LP: #1687344) + * New upstream release + - release notes: + https://www.wireshark.org/docs/relnotes/wireshark-2.4.0.html + - security fixes: + - deeply nested DAAP data may cause stack exhaustion + (uncontrolled recursion) in the dissect_daap_one_tag function + (CVE-2017-9617) (Closes: #870174) + - PROFINET IO data with a high recursion depth allows remote + attackers to cause a denial of service (stack exhaustion) + in the dissect_IODWriteReq function. (CVE-2017-9766) + (Closes: #870175) + - the DOCSIS dissector could go into an infinite loop (CVE-2017-11406) + (Closes: #870172) + - the MQ dissector could crash (CVE-2017-11407) (Closes: #870172) + - the AMQP dissector could crash (CVE-2017-11408) (Closes: #870172) + - the WBXML dissector could go into an infinite loop, triggered + by packet injection or a malformed capture file (CVE-2017-11410) + (Closes: #870180) + - the openSAFETY dissector could crash or exhaust system memory + (CVE-2017-11411) (Closes: #870179) + * Update shared library package names to match new .so versions + * Refresh patches + * Drop workaround to use system's nghttp2 since upstream does not + ship the embedded copy anymore + * Add build-dependency on libparse-yapp-perl, liblz4-dev, libsnappy-dev, + libspandsp-dev, libxml2-dev and lynx to enable new upstream features + * Update PO files about debconf templates + +2.2.7-1 [Tue, 27 Jun 2017 00:48:15 +0200] Balint Reczey <rbalint@ubuntu.com>: + + [ Balint Reczey ] + * Convert d/copyright to machine readable format + * Download releases from GitHub excluding upstream's debian/ dir + * Use my @ubuntu.com email address in Maintainer field + * New upstream release + - release notes: + 
https://www.wireshark.org/docs/relnotes/wireshark-2.2.7.html + - security fixes (Closes: #864058): + - Bazaar dissector infinite loop (CVE-2017-9352) + - DOF dissector read overflow (CVE-2017-9348) + - DHCP dissector read overflow (CVE-2017-9351) + - SoulSeek dissector infinite loop (CVE-2017-9346) + - DNS dissector infinite loop (CVE-2017-9345) + - DICOM dissector infinite loop (CVE-2017-9349) + - openSAFETY dissector memory exhaustion (CVE-2017-9350) + - BT L2CAP dissector divide by zero (CVE-2017-9344) + - MSNIP dissector crash (CVE-2017-9343) + - ROS dissector crash (CVE-2017-9347) + - RGMP dissector crash (CVE-2017-9354) + - IPv6 dissector crash (CVE-2017-9353) + + [ Alexander Gerasiov ] + * Fix pkg-config libdir (Closes: #857729) 2.2.6+g32dac6a-2 [Sun, 28 May 2017 00:50:22 +0200] Balint Reczey <rbalint@ubuntu.com>: <http://10.200.17.11/4.3-2/#357623925424772025>
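Review bot: The 2.4.6-1 entry has "The IEEE 802.15.4 dissector could crash. ()" with empty parentheses where every neighbouring line names a CVE; the errata summary on this bug gives CVE-2018-9260 for that crash, so the YAML should take the id from the summary rather than from this changelog line. The 2.6.2-1 entry also labels CVE-2018-14341 "DICOM dissector crash" and CVE-2018-14369 "HTTP2 dissector crash", while the summary describes both as infinite loops, so the two descriptions should be reconciled before the erratum is announced. Several ids that the added entries list as fixed (CVE-2018-14367, CVE-2018-11354, CVE-2018-11355, CVE-2018-9274, CVE-2018-7327, CVE-2018-7328, CVE-2018-7330, CVE-2017-15190, CVE-2017-11411) do not appear in the summary; please confirm they were left out deliberately, for example because 2.2.6 was not affected, and not dropped during changelog extraction.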
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
 new upstream version introduces new binary package names, for which the upgrade changelog extraction fails.

[4.3-2] 1e3a4351a8 Bug #47992: wireshark 2.6.3-1~deb9u1
 doc/errata/staging/wireshark.yaml | 187 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 187 insertions(+)
<http://errata.software-univention.de/ucs/4.3/281.html>