Bug 49067 – wireshark: Multiple issues (4.3)

Bug 49067 - wireshark: Multiple issues (4.3)


Summary:	wireshark: Multiple issues (4.3)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.3
Hardware:	All Linux

Importance:	P3 normal (vote)
Target Milestone:	UCS 4.3-3-errata
Assigned To:	Quality Assurance
QA Contact:	Philipp Hahn

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2019-03-25 07:18 CET by Quality Assurance
Modified:	2019-03-27 14:28 CET (History)
CC List:	0 users

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:	7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Quality Assurance

2019-03-25 07:18:44 CET

New Debian wireshark 2.6.7-1~deb9u1 fixes:
This update addresses the following issues:
* 6LoWPAN dissector crash in epan/dissectors/packet-6lowpan.c (CVE-2019-5716)
* P_MUL dissector crash in epan/dissectors/packet-p_mul.c (CVE-2019-5717)
* out-of-bounds read in get_t61_string() in epan/charsets.c (CVE-2019-5718)
* ISAKMP dissector crash in epan/dissectors/packet-isakmp.c (CVE-2019-5719)
* null-pointer dereference in TCAP dissector (CVE-2019-9208)
* Stack-based off-by-one buffer overflow in dissect_ber_GeneralizedTime  (CVE-2019-9209)
* null-deference read in RPCAP dissector (CVE-2019-9214)

Comment 1 Quality Assurance

2019-03-25 13:52:14 CET

--- mirror/ftp/4.3/unmaintained/component/4.3-3-errata/source/wireshark_2.6.5-1~deb9u1.dsc
+++ apt/ucs_4.3-0-errata4.3-3/source/wireshark_2.6.7-1~deb9u1.dsc
@@ -1,6 +1,36 @@
-2.6.5-1~deb9u1 [Fri, 07 Dec 2018 23:50:12 +0100] Balint Reczey <rbalint@ubuntu.com>:
+2.6.7-1~deb9u1 [Sat, 23 Mar 2019 16:31:49 +0100] Salvatore Bonaccorso <carnil@debian.org>:
 
-  * Rebuild for Stretch
+  * Non-maintainer upload by the Security Team.
+  * Rebuild for stretch(-security).
+
+2.6.7-1 [Thu, 28 Feb 2019 12:29:35 +0100] Balint Reczey <rbalint@ubuntu.com>:
+
+  [ Balint Reczey ]
+  * Drop unapplied backport-to-old-gnutls.patch
+  * Ship captype and randpkt in wireshark-common (Closes: #919027)
+  * Override a few Lintian issues
+  * New upstream version 2.6.7
+    - security fixes (Closes: #923611):
+      - ASN.1 BER and related dissectors crash. (CVE-2019-9209)
+      - TCAP dissector crash. (CVE-2019-9208)
+      - RPCAP dissector crash. (CVE-2019-9214)
+
+  [ Joe Hansen ]
+  * Danish debconf translate translation update (Closes: #923064)
+
+2.6.6-1 [Wed, 09 Jan 2019 14:58:36 +0700] Balint Reczey <rbalint@ubuntu.com>:
+
+  [ Jean-Philippe MENGUAL ]
+  * French debconf translation update (Closes: #915161)
+
+  [ Balint Reczey ]
+  * New upstream version 2.6.6
+    - security fixes:
+      - The P_MUL dissector could crash. (CVE-2019-5717)
+      - The RTSE dissector and other dissectors could crash. (CVE-2019-5718)
+      - The ISAKMP dissector could crash. (CVE-2019-5719)
+      - The 6LoWPAN dissector could crash. (CVE-2019-5716)
+  * Mention GPLv3+ code snippet in tools/pidl/idl.yp (Closes: #918089)
 
 2.6.5-1 [Thu, 29 Nov 2018 14:41:14 +0100] Balint Reczey <rbalint@ubuntu.com>:
 

<http://10.200.17.11/4.3-3/#8751806500658333621>

Comment 2 Philipp Hahn

2019-03-26 08:44:05 CET

OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] c1e564a917 Bug #49067: wireshark 2.6.7-1~deb9u1
 doc/errata/staging/wireshark.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

[4.3-3] e6bd3e0fcc Bug #49067: wireshark 2.6.7-1~deb9u1
 doc/errata/staging/wireshark.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

Comment 3 Arvid Requate

2019-03-27 14:28:43 CET

<http://errata.software-univention.de/ucs/4.3/465.html>