Bug 47284 - wireshark: Multiple issues (4.3)
wireshark: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All Linux
: P3 normal (vote)
: UCS 4.3-1-errata
Assigned To: Philipp Hahn
Arvid Requate
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-07-03 13:34 CEST by Philipp Hahn
Modified: 2018-07-04 14:53 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2018-07-03 13:34:10 CEST
New Debian wireshark 2.2.6+g32dac6a-2+deb9u3 fixes:
This update addresses the following issue(s):
* 

This update addresses the following issue(s):
* 
CVE_2017-9343 is open
CVE_2017-9344 is open
CVE_2017-9345 is open
CVE_2017-9346 is open
CVE_2017-9347 is open
CVE_2017-9348 is open
CVE_2017-9349 is open
CVE_2017-9350 is open
CVE_2017-9351 is open
CVE_2017-9352 is open
CVE_2017-9353 is open
CVE_2017-9354 is open
CVE_2017-9616 is open
CVE_2017-9617 is open
CVE_2017-9766 is open
CVE_2017-11406 is open
CVE_2017-11407 is open
CVE_2017-11410 is open
CVE_2017-13764 is open
CVE_2017-13765 is open
CVE_2017-13767 is open
CVE_2017-15189 is open
CVE_2017-15191 is open
CVE_2017-15192 is open
CVE_2017-15193 is open
CVE_2017-17935 is open
CVE_2017-17997 is open
* In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. (CVE-2018-7320)
CVE_2018-7321 is open
CVE_2018-7322 is open
CVE_2018-7323 is open
CVE_2018-7324 is open
CVE_2018-7325 is open
CVE_2018-7326 is open
CVE_2018-7329 is open
CVE_2018-7331 is open
CVE_2018-7332 is open
CVE_2018-7333 is open
* In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. (CVE-2018-7334)
* In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. (CVE-2018-7335)
CVE_2018-7336 is open
CVE_2018-7337 is open
CVE_2018-7417 is open
CVE_2018-7418 is open
* In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. (CVE-2018-7419)
CVE_2018-7420 is open
CVE_2018-7421 is open
CVE_2018-9256 is open
CVE_2018-9257 is open
CVE_2018-9258 is open
CVE_2018-9259 is open
CVE_2018-9260 is open
* In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs. (CVE-2018-9261)
CVE_2018-9262 is open
CVE_2018-9263 is open
* In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency. (CVE-2018-9264)
CVE_2018-9265 is open
CVE_2018-9266 is open
CVE_2018-9267 is open
CVE_2018-9268 is open
CVE_2018-9269 is open
CVE_2018-9270 is open
CVE_2018-9271 is open
CVE_2018-9272 is open
* In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. (CVE-2018-9273)
CVE_2018-11356 is open
CVE_2018-11357 is open
* In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. (CVE-2018-11358)
CVE_2018-11359 is open
* In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. (CVE-2018-11360)
CVE_2018-11361 is open
* In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. (CVE-2018-11362)

2.2.6+g32dac6a-2+deb9u3 (Wed, 30 May 2018 00:08:09 +0200)
  * CVE-2017-9273 / CVE-2018-11358 / CVE-2018-11360 / CVE-2018-11362
    CVE-2018-7320 / CVE-2018-7334 / CVE-2018-7335 / CVE-2018-7419
    CVE-2018-9261 / CVE-2018-9264
* CVE-2018-7320 wireshark: Heap-based Buffer Overflow in SIGCOMP dissector crash in packet-sigcomp.c (CVE-2018-7320)
* CVE-2018-7334 wireshark: out of bounds access in UMTS MAC dissector in packet-umts_mac.c (CVE-2018-7334)
* CVE-2018-7335 wireshark: IEEE 802.11 dissector crash in airpdcap.c (CVE-2018-7335)
* CVE-2018-7419 wireshark: NBAP dissector crash in nbap.cnf (CVE-2018-7419)
* CVE-2018-9261 wireshark: NBAP dissector crash in epan/dissectors/packet-nbap.c (CVE-2018-9261)
* CVE-2018-9264 wireshark: memory leak in ui/failure_message.c (CVE-2018-9264)
* CVE-2018-9273 wireshark: memory leak in epan/dissectors/packet-pcp.c (CVE-2018-9273)
* CVE-2018-11358 wireshark: Use after free in packet-q931.c (CVE-2018-11358)
* CVE-2018-11360 wireshark: Heap-based Buffer Overflow in packet-gsm_a_dtap.c (CVE-2018-11360)
* CVE-2018-11362 wireshark:  Out-of-bounds read in packet-ldss.c (CVE-2018-11362)
Comment 1 Philipp Hahn univentionstaff 2018-07-03 13:55:34 CEST
[4.3-1] e28f423b11 Bug #47284: wireshark 2.2.6+g32dac6a-2+deb9u3
 doc/errata/staging/wireshark.yaml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

<http://10.200.17.11/4.3-1/#8831989076918597809>
Comment 2 Arvid Requate univentionstaff 2018-07-04 13:35:36 CEST
Verified:
* Output of automatic checks
* Package update
* Advisory

12b0210805 | Publish also for UCS 4.3-0
Comment 3 Arvid Requate univentionstaff 2018-07-04 14:53:57 CEST
<http://errata.software-univention.de/ucs/4.3/138.html>