[SECURITY] [DLA 1802-1] wireshark security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1802-1] wireshark security update
From: Hugo Lefeuvre <hle@debian.org>
Date: Sat, 25 May 2019 07:56:42 +0200
Message-id: <[🔎] 20190525055642.GA4113@behemoth.owl.eu.com.local>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : wireshark
Version        : 1.12.1+g01b65bf-4+deb8u19
CVE ID         : CVE-2019-10894 CVE-2019-10895 CVE-2019-10899 CVE-2019-10901 
                 CVE-2019-10903
Debian Bug     : 926718

Several vulnerabilities have been found in wireshark, a network traffic analyzer.

CVE-2019-10894

    Assertion failure in dissect_gssapi_work (packet-gssapi.c) leading to
    crash of the GSS-API dissector. Remote attackers might leverage this
    vulnerability to trigger DoS via a packet containing crafted GSS-API
    payload.

CVE-2019-10895

    Insufficient data validation leading to large number of heap buffer
    overflows read and write in the NetScaler trace handling module
    (netscaler.c). Remote attackers might leverage these vulnerabilities to
    trigger DoS, or any other unspecified impact via crafted packets.

CVE-2019-10899

    Heap-based buffer under-read vulnerability in the Service Location
    Protocol dissector. Remote attackers might leverage these
    vulnerabilities to trigger DoS, or any other unspecified impact via
    crafted SRVLOC packets.

CVE-2019-10901

    NULL pointer dereference in the Local Download Sharing Service
    protocol dissector. Remote attackers might leverage these flaws to
    trigger DoS via crafted LDSS packets.

CVE-2019-10903

    Missing boundary checks leading to heap out-of-bounds read
    vulnerability in the Microsoft Spool Subsystem protocol dissector.
    Remote attackers might leverage these vulnerabilities to trigger DoS,
    or any other unspecified impact via crafted SPOOLSS packets.

For Debian 8 "Jessie", these problems have been fixed in version
1.12.1+g01b65bf-4+deb8u19.

We recommend that you upgrade your wireshark packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEUFZhdgIWqBhwqCvuZYVUZx9w0DQFAlzo2PkACgkQZYVUZx9w
0DRlwwf+L49dVzkhsvHzwrMZkHXJiYE1Jvuve6tr0FO/d3ZgYzT6W0E6vo17MrIG
lZRhyuatjiUe7KPZ4IGfqRYXuZSmK9+ApHziWon+5HhPpz3dDX0tjUMbmm6qh7eO
2Rz5u1NGKBoK4hiQaMXMc1M6U6F+Ome/iuSuI/YQFkfvf+YuHrnMRPotSkPfB3TO
bCPv9LCFE3fkvoIFtGaGfA+jgWGu7VCflSXKDxdq7pBvKS+wYyTjdqXJ1COONoH4
CpN3AMFD1nPqCp5+0WqCrUYZzHtfsgIlDgO/ACZyTSvRCbRUc1dqmw3HTsHuGSHM
8YYvvUG06nSPDnVgBTXzI0OUhbNrmQ==
=tdK7
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1801-1] zookeeper security update
Next by Date: [SECURITY] [DLA 1803-1] php5 security update
Previous by thread: [SECURITY] [DLA 1801-1] zookeeper security update
Next by thread: [SECURITY] [DLA 1803-1] php5 security update
Index(es):
- Date
- Thread