Univention Bugzilla – Bug 49067
wireshark: Multiple issues (4.3)
Last modified: 2019-03-27 14:28:43 CET
New Debian wireshark 2.6.7-1~deb9u1 fixes: This update addresses the following issues: * 6LoWPAN dissector crash in epan/dissectors/packet-6lowpan.c (CVE-2019-5716) * P_MUL dissector crash in epan/dissectors/packet-p_mul.c (CVE-2019-5717) * out-of-bounds read in get_t61_string() in epan/charsets.c (CVE-2019-5718) * ISAKMP dissector crash in epan/dissectors/packet-isakmp.c (CVE-2019-5719) * null-pointer dereference in TCAP dissector (CVE-2019-9208) * Stack-based off-by-one buffer overflow in dissect_ber_GeneralizedTime (CVE-2019-9209) * null-deference read in RPCAP dissector (CVE-2019-9214)
--- mirror/ftp/4.3/unmaintained/component/4.3-3-errata/source/wireshark_2.6.5-1~deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/wireshark_2.6.7-1~deb9u1.dsc @@ -1,6 +1,36 @@ -2.6.5-1~deb9u1 [Fri, 07 Dec 2018 23:50:12 +0100] Balint Reczey <rbalint@ubuntu.com>: +2.6.7-1~deb9u1 [Sat, 23 Mar 2019 16:31:49 +0100] Salvatore Bonaccorso <carnil@debian.org>: - * Rebuild for Stretch + * Non-maintainer upload by the Security Team. + * Rebuild for stretch(-security). + +2.6.7-1 [Thu, 28 Feb 2019 12:29:35 +0100] Balint Reczey <rbalint@ubuntu.com>: + + [ Balint Reczey ] + * Drop unapplied backport-to-old-gnutls.patch + * Ship captype and randpkt in wireshark-common (Closes: #919027) + * Override a few Lintian issues + * New upstream version 2.6.7 + - security fixes (Closes: #923611): + - ASN.1 BER and related dissectors crash. (CVE-2019-9209) + - TCAP dissector crash. (CVE-2019-9208) + - RPCAP dissector crash. (CVE-2019-9214) + + [ Joe Hansen ] + * Danish debconf translate translation update (Closes: #923064) + +2.6.6-1 [Wed, 09 Jan 2019 14:58:36 +0700] Balint Reczey <rbalint@ubuntu.com>: + + [ Jean-Philippe MENGUAL ] + * French debconf translation update (Closes: #915161) + + [ Balint Reczey ] + * New upstream version 2.6.6 + - security fixes: + - The P_MUL dissector could crash. (CVE-2019-5717) + - The RTSE dissector and other dissectors could crash. (CVE-2019-5718) + - The ISAKMP dissector could crash. (CVE-2019-5719) + - The 6LoWPAN dissector could crash. (CVE-2019-5716) + * Mention GPLv3+ code snippet in tools/pidl/idl.yp (Closes: #918089) 2.6.5-1 [Thu, 29 Nov 2018 14:41:14 +0100] Balint Reczey <rbalint@ubuntu.com>: <http://10.200.17.11/4.3-3/#8751806500658333621>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-3] c1e564a917 Bug #49067: wireshark 2.6.7-1~deb9u1 doc/errata/staging/wireshark.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) [4.3-3] e6bd3e0fcc Bug #49067: wireshark 2.6.7-1~deb9u1 doc/errata/staging/wireshark.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)
<http://errata.software-univention.de/ucs/4.3/465.html>