Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2019.0063
Multiple vulnerabilities have been identified in Wireshark
28 February 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Wireshark
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2019-9209 CVE-2019-9208
Member content until: Saturday, March 30 2019
OVERVIEW
Multiple vulnerabilities have been identified in Wireshark prior to:
o Wireshark 2.4.13 and [1]
o Wireshark 2.6.7 [2]
IMPACT
The vendor provides the details to the fixed vulnerabilities in
following Wireshark version: [1][2]
"o wnpa-sec-2019-06 ASN.1 BER and related dissectors crash.
Bug 15447 [3]
CVE-2019-9209
o wnpa-sec-2019-07 TCAP dissector crash.
Bug 15464 [4]
CVE-2019-9208
o wnpa-sec-2019-08 RPCAP dissector crash.
Bug 15536 [5]
"
MITIGATION
The vendor recommends upgrading to the latest version of Wireshark
to correct these vulnerabilities. [1][2]
REFERENCES
[1] [Wireshark-announce] Wireshark 2.4.13 is now available
https://www.wireshark.org/lists/wireshark-announce/201902/msg00003.html
[2] [Wireshark-announce] Wireshark 2.6.7 is now available
https://www.wireshark.org/lists/wireshark-announce/201902/msg00002.html
[3] Bug 15447 - Stack-based off-by-one buffer overflow in
dissect_ber_GeneralizedTime
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15447
[4] Bug 15464 - Wireshark NULL pointer dereference in
dissect_tcap_AARQ_application_context_name
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464
[5] Bug 15536 - [oss-fuzz] #13385 Null-dereference READ in
conversation_set_dissector_from_frame_number
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15536
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXHdkbWaOgq3Tt24GAQjR1xAA2DTuBiaXXHcrfMQdTkz23fcLrmRTfMDS
4c1tidMLQjErWBSmLQ6/zKBa4GBeDE88fR697AYpuyWIoZVD0YR+zAt54AxizlW2
BqclVuuAdPRYfLDnMZD2peoi92YBjvHh9YUw2vspGOjPM/pFpuOZ3chU+C3+qsGO
AB4wqbl8VVGHPdIxSC1PKoHoFqy52q3Te60Bhr27vDnJeTSwyxfqeIMRbE8GL+R4
gFYwUmdl7bfA2OHR2xwjtpMQOh5SmCOQQnPQS6HWn0SEbY0xHoCIZ8FSy6lZVqV0
AVk7JA/JVotK32K2kcMgqYQRM/aEWqKHA9PdZ6K5quJ7yaMf0spZZVXy1MpOtv/x
2F9OasZ72Sbdbs1vBhf6N4JADEEyDIZftURpcYhPruCb2SKcAM2qy49VJLacxd+U
Kthz1HxaNhGsWx5dG4FNMC/pjZGxDCsW9u4LitYNGPgfCiccFrMEHeS8UM86LaxP
CLbgrd9ZCjzL2ijSgmQbARu5MFd4T93MTyxmXC1VWxUFzS6xwp/o5hjcrsrDLNwm
LD0WdAx/5nQhLV/MBEszBZEjC4qnPhxQWRczclEKx/0Hr9x+YJ5YQRxOJcialvSP
3h9vfDOEHt+Dkqp6Mr3cDSsZNSFzA3+bTNeqBA8iyT6MaFY7h36fAn2A540O5KxL
Qa+pVb6NH2U=
=X/tz
-----END PGP SIGNATURE-----