Univention Bugzilla – Bug 48409
wireshark: Multiple issues (4.3)
Last modified: 2019-01-09 13:27:15 CET
New Debian wireshark 2.6.5-1~deb9u1 fixes:

This update addresses the following issues:
* OpcUa dissector crash (CVE-2018-12086)
* CoAP dissector crash (CVE-2018-18225)
* Steam IHS Discovery dissector memory leak (CVE-2018-18226)
* MS-WSP dissector crash (CVE-2018-18227)
* Infinite loop in the MMSE dissector (CVE-2018-19622)
* Heap buffer overflow in packet-lbmpdm.c:dissect_segment_ofstable() allows denial of service or possibly arbitrary code execution (CVE-2018-19623)
* NULL pointer dereference resulting in a PVFS dissector crash (CVE-2018-19624)
* Heap-based buffer over-read in the dissection engine (CVE-2018-19625)
* DCOM dissector crash resulting in information leak (CVE-2018-19626)
* IxVeriWave parser crash (CVE-2018-19627)
* ZigBee ZCL dissector crash (CVE-2018-19628)
--- mirror/ftp/4.3/unmaintained/4.3-3/source/wireshark_2.6.3-1~deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/wireshark_2.6.5-1~deb9u1.dsc 
@@ -1,6 +1,58 @@ -2.6.3-1~deb9u1 [Tue, 02 Oct 2018 21:11:06 +0200] Balint Reczey <rbalint@ubuntu.com>: +2.6.5-1~deb9u1 [Fri, 07 Dec 2018 23:50:12 +0100] Balint Reczey <rbalint@ubuntu.com>: - * Rebuild for stretch + * Rebuild for Stretch + +2.6.5-1 [Thu, 29 Nov 2018 14:41:14 +0100] Balint Reczey <rbalint@ubuntu.com>: + + * Add debian/gitlab-ci.yml + * New upstream version 2.6.5 + - release notes: + https://www.wireshark.org/docs/relnotes/wireshark-2.6.5.html + - security fixes: + - The Wireshark dissection engine could crash. (CVE-2018-19625) + - The DCOM dissector could crash. (CVE-2018-19626) + - The LBMPDM dissector could crash. (CVE-2018-19623) + - The MMSE dissector could go into an infinite loop. (CVE-2018-19622) + - The IxVeriWave file parser could crash. (CVE-2018-19627) + - The PVFS dissector could crash. (CVE-2018-19624) + - The ZigBee ZCL dissector could crash. (CVE-2018-19628) + * Update symbols + +2.6.4-2 [Thu, 08 Nov 2018 22:51:48 +0100] Balint Reczey <rbalint@ubuntu.com>: + + [ nyov ] + * Build and install mmdbresolve to make GeoIP-lookup work. 
+ (adds dependency on libmaxminddb) (Closes: #911567) + + [ Gregor Jasny ] + * debian: libwireshark-dev must depend on libwiretap-dev + because wireshark/epan/packet_info.h (libwireshark-dev) + depends on wireshark/wiretap/wtap.h (libwiretap-dev) + (LP: #1801666) + + [ Balint Reczey ] + * Ship man page for mmdbresolve + * debian/tests/gui: Redirect stderr to stdout because Lua prints to stderr + making the test fail + +2.6.4-1 [Sat, 13 Oct 2018 19:47:47 +0200] Balint Reczey <rbalint@ubuntu.com>: + + [ Ondřej Nový ] + * d/control: Removing redundant Priority field in binary package + * d/changelog: Remove trailing whitespaces + + [ Balint Reczey ] + * Install at-spi2-core in gui autopkgtest to avoid error messages + * debian/test/gui: Ignore stderr from wireshark-gtk since upstream deprecated + it and also start bigger virtual screen + * New upstream version 2.6.4 + - release notes: + https://www.wireshark.org/docs/relnotes/wireshark-2.6.4.html + - security fixes: + - MS-WSP dissector crash (CVE-2018-18227) + - Steam IHS Discovery dissector memory leak (CVE-2018-18226) + - CoAP dissector crash (CVE-2018-18225) + - OpcUA dissector crash (CVE-2018-12086) 2.6.3-1 [Thu, 30 Aug 2018 12:59:09 +0200] Balint Reczey <rbalint@ubuntu.com>: <http://10.200.17.11/4.3-3/#8992661573787046411>
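Review bot: the 2.6.4-2 entry pulled in by this update is not security-only. It builds and installs mmdbresolve and "adds dependency on libmaxminddb", and libwireshark-dev now depends on libwiretap-dev, while the errata description lists only the CVE fixes. Before release, confirm that libmaxminddb is installable from the same UCS 4.3 repository section as wireshark, and consider mentioning the new dependency in the advisory text so that administrators are not surprised by an extra package during a security update.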
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
<http://10.200.17.11/4.3-3/#666462770913830501> fails because the -dbgsym packages no longer match the binNMU rebuilds from Debian. This is irrelevant for UCS.

[4.3-3] ae052ddd35 Bug #48409: wireshark 2.6.5-1~deb9u1
 doc/errata/staging/wireshark.yaml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
<http://errata.software-univention.de/ucs/4.3/393.html>
<http://errata.software-univention.de/ucs/4.3/398.html>