Debian Security Advisory
DLA-1645-1 wireshark -- LTS security update
- Date Reported:
- 28 Jan 2019
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2019-5716, CVE-2019-5717, CVE-2019-5719.
- More information:
Several issues in wireshark, a network traffic analyzer, have been found. Dissectors of:
- ISAKMP, a Internet Security Association and Key Management Protocol
- P_MUL, a reliable multicast transfer protocol
- 6LoWPAN, IPv6 over Low power Wireless Personal Area Network
Mateusz Jurczyk found that a missing encryption block in a packet could crash the ISAKMP dissector.
It was found that the P_MUL dissector could crash when a malformed packet contains an illegal Data PDU sequence number of 0. Such a packet may not be analysed.
It was found that the 6LoWPAN dissector could crash when a malformed packet does not contain IPHC information though the header says it should.
For Debian 8
Jessie, these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u17.
We recommend that you upgrade your wireshark packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS