Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.2754 Security Update: wireshark 31 October 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Wireshark Publisher: Wireshark Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2017-15193 CVE-2017-15192 CVE-2017-15191 CVE-2017-15190 CVE-2017-15189 Original Bulletin: https://www.wireshark.org/security/wnpa-sec-2017-42.html https://www.wireshark.org/security/wnpa-sec-2017-43.html https://www.wireshark.org/security/wnpa-sec-2017-44.html https://www.wireshark.org/security/wnpa-sec-2017-45.html https://www.wireshark.org/security/wnpa-sec-2017-46.html Comment: This bulletin contains five (5) Wireshark security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- wnpa-sec-2017-42 BT ATT dissector crash Summary Name: BT ATT dissector crash Docid: wnpa-sec-2017-42 Date: October 10, 2017 Affected versions: 2.4.0 to 2.4.1, 2.2.0 to 2.2.9 Fixed versions: 2.4.2, 2.2.10 References: Wireshark bug 14049 CVE-2017-15192 Details Description The Bluetooth Attribute Protocol dissector could crash. Discovered by the OSS-Fuzz project. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 2.4.2, 2.2.10 or later. ============================================================================= wnpa-sec-2017-43 MBIM dissector crash Summary Name: MBIM dissector crash Docid: wnpa-sec-2017-43 Date: October 10, 2017 Affected versions: 2.4.0 to 2.4.1, 2.2.0 to 2.2.9 Fixed versions: 2.4.2, 2.2.10 References: Wireshark bug 14056 CVE-2017-15193 Details Description The MBIM dissector could crash or exhaust system memory. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 2.4.2, 2.2.10 or later. ============================================================================= wnpa-sec-2017-44 DMP dissector crash Summary Name: DMP dissector crash Docid: wnpa-sec-2017-44 Date: October 10, 2017 Affected versions: 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, 2.0.0 to 2.0.15 Fixed versions: 2.4.2, 2.2.10, 2.0.16 References: Wireshark bug 14068 CVE-2017-15191 Details Description The DMP dissector could crash. Discovered by the OSS-Fuzz project. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 2.4.2, 2.2.10, 2.0.16 or later. ============================================================================= wnpa-sec-2017-45 RTSP dissector crash Summary Name: RTSP dissector crash Docid: wnpa-sec-2017-45 Date: October 10, 2017 Affected versions: 2.4.0 to 2.4.1 Fixed versions: 2.4.2 References: Wireshark bug 14077 CVE-2017-15190 Details Description The RTSP dissector could crash. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 2.4.2 or later. ============================================================================= wnpa-sec-2017-46 DOCSIS infinite loop Summary Name: DOCSIS infinite loop Docid: wnpa-sec-2017-46 Date: October 10, 2017 Affected versions: 2.4.0 to 2.4.1 Fixed versions: 2.4.2 References: Wireshark bug 14080 CVE-2017-15189 Details Description The DOCSIS dissector could go into an infinite loop. Impact It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 2.4.2 or later. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWfgM3ox+lLeg9Ub1AQjBJg/+N5jczotzCxqxfe/zhQ90Iqso2LOKOuE/ O4Co1FvUzl4R5avf+D3p7FUXbEz+nSGIhUu8jaJHQTBvs+V7Mc7L0/e7ZSfQpmNE WbSAqJDXSJ1fu/gycBwwI9K0nB4QV2uCsts/iOpP2WsEUXsJVLNjlYXoBZjNYzri mimirsk8XjlVz2SZ3CIXx4vysd7032tFKZc3r7nuuhN5mcauyV3JExVlHJSQtebQ gh863cX+g7wQW8OD9ogs8O+SR3F8UaaWFvD1hPx+qFxtIF+F41+qlfyZGToOJoa2 xE1u/MibLWaWUkWdS3eRV7xKzcPCMJHu69qsA+24gmazcmgzavfg+j0wyzIMaNBo ULmNN9OriN8nnuTvSchW6o+XdWUpD6WBOGkilfqRhryaz1J2XvHjYcKm7/PRWt23 Yto62YakOAYaAkb06QmMMaxe9sCre8b6NoUbuTj+NzKy2bAGkXTiKBXQVzp3hcz8 LXctPeJLWsnN1TJODQxtX082/qv0ylitrWTUjWXUH6hSCdevNGQsEq/vThDqhZu7 R6hCg4nkGoj6+NxLOUU35qRpgdc0mVeKBzPwugQK9bKJUo4QZ7XLIe0xTSyg1quu VNi/3gx/KQWAxMpcJ23/UUD8RFkyEqZSiYJnefvSlxz6A8cI8HxI0airRmCXiCdr vLfCgtjWwOE= =ZpIq -----END PGP SIGNATURE-----