Bug 52755 - wireshark: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.4
Hardware: All Linux
Importance: P3 normal
Target Milestone: UCS 4.4-7-errata
Assigned To: Quality Assurance
QA Contact: Philipp Hahn
Depends on:
Blocks:
Reported: 2021-02-08 08:37 CET by Quality Assurance
Modified: 2021-02-10 17:26 CET

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Description Quality Assurance univentionstaff 2021-02-08 08:37:30 CET
New Debian wireshark 2.6.20-0+deb9u1 fixes:
This update addresses the following issues:
* missing dissection recursion checks leads to denial of service (CVE-2019-12295)
* ASN.1 BER dissector crash (wnpa-sec-2019-20) (CVE-2019-13619)
* gryphon dissector infinite loop (wnpa-sec-2019-21) (CVE-2019-16319)
* CMS dissector crash (wnpa-sec-2019-22) (CVE-2019-19553)
* invalid memory access in BT ATT dissector (CVE-2020-7045)
* injecting a malformed packet may cause the EAP dissector to crash due to out-of-bounds read (CVE-2020-9428)
* injecting a malformed packet may cause WiMax DLMAP dissector to crash due to out-of-bound read (CVE-2020-9430)
* LTE RRC dissector memory leak could result in excessive memory resource consumption (CVE-2020-9431)
* BACapp dissector crash (wnpa-sec-2020-07) (CVE-2020-11647)
* NFS dissector crash (wnpa-sec-2020-08) (CVE-2020-13164)
* GVCP dissector infinite loop (CVE-2020-15466)
* TCP dissector crash (wnpa-sec-2020-12) (CVE-2020-25862)
* MIME multipart dissector crash (wnpa-sec-2020-11) (CVE-2020-25863)
* Kafka dissector memory leak (wnpa-sec-2020-16) (CVE-2020-26418)
* USB HID dissector crash (wnpa-sec-2020-17) (CVE-2020-26421)
* FBZERO dissector could enter an infinite loop (CVE-2020-26575)
* malformed packet on wire could make GQUIC protocol dissector loop (CVE-2020-28030)
Comment 1 Quality Assurance univentionstaff 2021-02-08 09:01:15 CET
--- mirror/ftp/4.4/unmaintained/4.4-7/source/wireshark_2.6.8-1.1~deb9u1.dsc
+++ apt/ucs_4.4-0-errata4.4-7/source/wireshark_2.6.20-0+deb9u1.dsc
@@ -1,7 +1,41 @@
-2.6.8-1.1~deb9u1 [Sat, 31 Oct 2020 21:05:56 +0200] Adrian Bunk <bunk@debian.org>:
+2.6.20-0+deb9u1 [Sun, 31 Jan 2021 19:44:22 +0200] Adrian Bunk <bunk@debian.org>:
 
-  * Non-maintainer upload by the LTS team.
-  * Rebuild for stretch.
+  * Non-maintainer upload.
+  * New upstream version including the following security fixes:
+    - CVE-2019-16319: The Gryphon dissector could go into an infinite loop.
+    - CVE-2019-19553: The CMS dissector could crash.
+    - CVE-2020-7045: The BT ATT dissector could crash.
+    - CVE-2020-9428: The EAP dissector could crash.
+    - CVE-2020-9430: The WiMax DLMAP dissector could crash.
+    - CVE-2020-9431: The LTE RRC dissector could leak memory.
+    - CVE-2020-11647: The BACapp dissector could crash. (Closes: #958213)
+    - CVE-2020-13164: The NFS dissector could crash.
+    - CVE-2020-15466: The GVCP dissector could go into an infinite loop.
+    - CVE-2020-25862: The TCP dissector could crash.
+    - CVE-2020-25863: The MIME Multipart dissector could crash.
+  * Adjust 17_libdir_location.patch for context changes.
+  * Since Wireshark 2.6.14 tests are run automatically by debhelper,
+    backport the build fix and making test failures non-fatal.
+  * CVE-2020-26575: The Facebook Zero Protocol (aka FBZERO) dissector
+    could enter an infinite loop. (Closes: #974688)
+  * CVE-2020-28030: The GQUIC dissector could crash. (Closes: #974689)
+  * CVE-2020-26418: Memory leak in the Kafka protocol dissector.
+  * CVE-2020-26421: Crash in USB HID protocol dissector.
+
+2.6.10-1 [Wed, 17 Jul 2019 23:23:05 +0200] Balint Reczey <rbalint@ubuntu.com>:
+
+  * New upstream version 2.6.10
+     - security fixes:
+       - ASN.1 BER and related dissectors crash (CVE-2019-13619)
+     - fix QIcon crash on exit on Ubuntu 16.04 with Qt 5.5.1 (LP: #1803808)
+  * debian/gitlab-ci.yml: User minimal reference configuration
+
+2.6.9-1 [Thu, 30 May 2019 22:13:15 +0200] Balint Reczey <rbalint@ubuntu.com>:
+
+  * Acknowledge NMU
+  * New upstream version 2.6.9
+  * Drop obsolete CVE-2019-12295.patch
+  * Refresh patches
 
 2.6.8-1.1 [Mon, 27 May 2019 16:08:44 +0200] Dr. Tobias Quathamer <toddy@debian.org>:
 
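Review bot: the 2.6.20-0+deb9u1 entry's bullet "Since Wireshark 2.6.14 tests are run automatically by debhelper, backport the build fix and making test failures non-fatal" turns the upstream test suite into a non-blocking step, so a regression in any of the fifteen dissector fixes listed in this hunk would no longer fail the build; the changelog should say which tests are expected to fail on stretch and the errata QA should check the test output in the build log rather than rely on a green build (the wording also wants "make test failures non-fatal"). A smaller point: CVE-2019-12295, which the errata description lists as fixed, appears in this hunk only as "Drop obsolete CVE-2019-12295.patch" under 2.6.9-1; that reads as the Debian patch being superseded by the upstream 2.6.9 fix, but a one-line mention under the security fixes of the 2.6.20 entry would make the coverage of all sixteen advertised CVEs traceable from the changelog alone.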

<http://10.200.17.11/4.4-7/#1830791323758375061>
Comment 2 Philipp Hahn univentionstaff 2021-02-08 10:44:45 CET
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] 8aed2ad3b3 Bug #52755: wireshark 2.6.20-0+deb9u1
 doc/errata/staging/wireshark.yaml | 49 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)