[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3313-1] wireshark security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-3313-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Tobias Frost
February 08, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : wireshark
Version        : 2.6.20-0+deb10u5
CVE ID         : CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413
                 CVE-2023-0415 CVE-2023-0417

Multiple security vulnerabilities have been discovered in Wireshark, a
network traffic analyzer. An attacker could cause a denial of service
(infinite loop or application crash) via packet injection or a crafted
capture file.

CVE-2022-4345

    Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in
    Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via
    packet injection or crafted capture file

CVE-2023-0411

    Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and
    3.6.0 to 3.6.10 and allows denial of service via packet injection or
    crafted capture file

CVE-2023-0412

    TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and
    allows denial of service via packet injection or crafted capture file

CVE-2023-0413

    Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
    and allows denial of service via packet injection or crafted capture
    file

CVE-2023-0415

    iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
    and allows denial of service via packet injection or crafted capture
    file

CVE-2023-0417

    Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0
    to 3.6.10 and allows denial of service via packet injection or crafted
    capture file

For Debian 10 buster, these problems have been fixed in version
2.6.20-0+deb10u5.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature


Reply to: