[SECURITY] [DLA 1645-1] wireshark security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1645-1] wireshark security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 28 Jan 2019 22:47:53 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.20.1901282246170.20079@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : wireshark
Version        : 1.12.1+g01b65bf-4+deb8u17
CVE ID         : CVE-2019-5716 CVE-2019-5717 CVE-2019-5719


Several issues in wireshark, a network traffic analyzer, have been found.
Dissectors of
  - ISAKMP, a Internet Security Association and Key Management Protocol
  - P_MUL, a reliable multicast transfer protocol
  - 6LoWPAN, IPv6 over Low power Wireless Personal Area Network
are affected.

CVE-2019-5719
   Mateusz Jurczyk found that a missing encryption block in a packet could
   crash the ISAKMP dissector.

CVE-2019-5717
  It was found that the P_MUL dissector could crash when a malformed
  packet contains an illegal Data PDU sequence number of 0.  Such a packet
  may not be analysed.

CVE-2019-5716
  It was found that the 6LoWPAN dissector could crash when a malformed
  packet does not contain IPHC information though the header says it
  should.


For Debian 8 "Jessie", these problems have been fixed in version
1.12.1+g01b65bf-4+deb8u17.

We recommend that you upgrade your wireshark packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlxPeIlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfF0RAAji1G7cf9Y3xM5M4dRAVwDcx64UrZrgkL/jsn/tUVClcQJF6jxIszbt+S
mp1H88kf6ek/U4G3mK9ghR+G6i/573WLweVKHEoOhbnl+Xvq671DQMonSHaixv5h
HrMpjdGQOKdsJxOF1kCduIlbygiZosREkdH7QSgo/oTwaWgUBjJ2fwWYaWWmpRcH
3ppd34C7dhXi/x60Qc4Fs8xBKKv0jGzHJXjhr+Lt3DexmXDauEoOrTccG4GS+mVb
2Ex2Aehu+8QcZUw37HfrfEAINuZu7ojySsEmBKt+hdhVA5+j8Z+iduA8rVzZmEVl
QPzazXmxi+VBp1++wKKcqifqbZe7fIoJPZJsAbr1FdQ94fJ6RTD5jqpDYhAQ2Jdw
sFeJZMdM6GGGwbPzUk+NbzCUaz+EjnsFfdDLIn2igQJCBQHoRpBe5w7d6wqjQ9W+
gnV3COPvaMLu5wg4Edbpmvrv6FgwL/q4gLbud6hTyzPXzca+opYEyv99AHBFgaA9
UCDMqc7EEUOy2i2PyIy1BEVXm40gDpkecrPMlc4cnM+MaOka9pv4OAinnBvne3iL
zQIETKgKxxEXDVFrY0i245I8W0OtbF0jxRxOgvCQeum5NqghPB9lZ+2k1i3XeWO9
A6John21n6DAL3KTckbaTJQY+5cMTJuYW0nlNB4Bqtt6bJwphcs=
=Kysb
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1644-1] policykit-1 security update
Next by Date: [SECURITY] [DLA 1646-1] qemu security update
Previous by thread: [SECURITY] [DLA 1644-1] policykit-1 security update
Next by thread: [SECURITY] [DLA 1646-1] qemu security update
Index(es):
- Date
- Thread