Univention Bugzilla – Bug 52289
wireshark: Multiple issues (4.4)
Last modified: 2020-11-04 14:49:24 CET
New Debian wireshark 2.6.8-1.1~deb9u1 fixes:

This update addresses the following issues:
* GSS-API dissector crash (wnpa-sec-2019-14) (CVE-2019-10894)
* NetScaler file parser crash (wnpa-sec-2019-09) (CVE-2019-10895)
* DOF dissector crash (wnpa-sec-2019-15) (CVE-2019-10896)
* SRVLOC dissector crash (wnpa-sec-2019-10) (CVE-2019-10899)
* LDSS dissector crash (wnpa-sec-2019-17) (CVE-2019-10901)
* DCERPC SPOOLSS dissector crash (wnpa-sec-2019-18) (CVE-2019-10903)
* missing dissection recursion checks lead to denial of service (CVE-2019-12295)
--- mirror/ftp/4.3/unmaintained/4.3-4/source/wireshark_2.6.7-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-6/source/wireshark_2.6.8-1.1~deb9u1.dsc @@ -1,7 +1,27 @@ -2.6.7-1~deb9u1 [Sat, 23 Mar 2019 16:31:49 +0100] Salvatore Bonaccorso <carnil@debian.org>: +2.6.8-1.1~deb9u1 [Sat, 31 Oct 2020 21:05:56 +0200] Adrian Bunk <bunk@debian.org>: - * Non-maintainer upload by the Security Team. - * Rebuild for stretch(-security). + * Non-maintainer upload by the LTS team. + * Rebuild for stretch. + +2.6.8-1.1 [Mon, 27 May 2019 16:08:44 +0200] Dr. Tobias Quathamer <toddy@debian.org>: + + * Non-maintainer upload. + * CVE-2019-12295 + In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, + the dissection engine could crash. This was addressed in + epan/packet.c by restricting the number of layers and + consequently limiting recursion. (Closes: #929446) + +2.6.8-1 [Wed, 10 Apr 2019 15:58:16 +0200] Balint Reczey <rbalint@ubuntu.com>: + + * New upstream version 2.6.8 + - security fixes (Closes: #926718): + - NetScaler file parser crash. (CVE-2019-10895) + - SRVLOC dissector crash. (CVE-2019-10899) + - GSS-API dissector crash. (CVE-2019-10894) + - DOF dissector crash. (CVE-2019-10896) + - LDSS dissector crash. (CVE-2019-10901) + - DCERPC SPOOLSS dissector crash. (CVE-2019-10903) 2.6.7-1 [Thu, 28 Feb 2019 12:29:35 +0100] Balint Reczey <rbalint@ubuntu.com>: <http://10.200.17.11/4.4-6/#3925983173581323547>
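Review bot: the CVE-2019-12295 entry under 2.6.8-1.1 lists "2.6.0 to 2.6.8" as affected, while the fixed package still carries upstream version 2.6.8, so the fix is identifiable only by the Debian revision (-1.1 and later). The erratum text should state the fixed package version explicitly (2.6.8-1.1~deb9u1) next to this CVE, so that a check keyed on the upstream version alone does not report the updated package as vulnerable. The new top entry also says only "Rebuild for stretch"; a one-line pointer to the CVEs inherited from 2.6.8-1 and 2.6.8-1.1 would let a reader of that entry see what the upload fixes without reading further down.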
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-6] 1275dd7eb6 Bug #52289: wireshark 2.6.8-1.1~deb9u1
 doc/errata/staging/wireshark.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x791>