Debian Security Advisory
DLA-38-1 wireshark -- LTS security update
- Date Reported:
- 20 Aug 2014
- Affected Packages:
- wireshark
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-5161, CVE-2014-5162, CVE-2014-5163.
- More information:
-
- CVE-2014-5161 /
CVE-2014-5162
The Catapult DCT2000 and IrDA dissectors could underrun a buffer. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
- CVE-2014-5163
The GSM Management dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
For Debian 6
Squeeze
, these issues have been fixed in wireshark version 1.2.11-6+squeeze15 - CVE-2014-5161 /
CVE-2014-5162