Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.0141 Multiple vulnerabilities have been identified in Wireshark 12 January 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Wireshark Publisher: Wireshark Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-5336 CVE-2018-5335 CVE-2018-5334 CVE-2017-17997 Original Bulletin: https://www.wireshark.org/security/wnpa-sec-2018-01.html https://www.wireshark.org/security/wnpa-sec-2018-02.html https://www.wireshark.org/security/wnpa-sec-2018-03.html https://www.wireshark.org/security/wnpa-sec-2018-04.html Comment: This bulletin contains four (4) Wireshark security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- wnpa-sec-2018-01 - Multiple dissectors could crash Summary Name: Multiple dissectors could crash Docid: wnpa-sec-2018-01 Date: January 11, 2018 Affected versions: 2.4.0 to 2.4.3, 2.2.0 to 2.2.11 Fixed versions: 2.4.4, 2.2.12 References: Wireshark bug 14253 CVE-2018-5336 Details Description The JSON, XML, NTP, XMPP, and GDB dissectors could crash. Discovered by Kamil Frankowicz. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 2.4.4, 2.2.12 or later. - -------------------------------------------------------------------------------- wnpa-sec-2018-02 - MRDISC dissector crash Summary Name: MRDISC dissector crash Docid: wnpa-sec-2018-02 Date: January 11, 2018 Affected versions: 2.2.0 to 2.2.11 Fixed versions: 2.2.12 References: Wireshark bug 14299 CVE-2017-17997 Details Description The MRDISC dissector could crash. Discovered by Young. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 2.2.12 or later. - -------------------------------------------------------------------------------- wnpa-sec-2018-03 - IxVeriWave file parser crash Summary Name: IxVeriWave file parser crash Docid: wnpa-sec-2018-03 Date: January 11, 2018 Affected versions: 2.4.0 to 2.4.3, 2.2.0 to 2.2.11 Fixed versions: 2.4.4, 2.2.12 References: Wireshark bug 14297 CVE-2018-5334 Details Description The IxVeriWave file parser could crash. Discovered by Young. Impact It may be possible to make Wireshark crash by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 2.4.4, 2.2.12 or later. - -------------------------------------------------------------------------------- wnpa-sec-2018-04 - WCP dissector crash Summary Name: WCP dissector crash Docid: wnpa-sec-2018-04 Date: January 11, 2018 Affected versions: 2.4.0 to 2.4.3, 2.2.0 to 2.2.11 Fixed versions: 2.4.4, 2.2.12 References: Wireshark bug 14251 CVE-2018-5335 Details Description The WCP dissector could crash. Discovered by Kamil Frankowicz. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 2.4.4, 2.2.12 or later. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWlgn+Yx+lLeg9Ub1AQhtTBAAlAz9p36D5LvmE8yt0R9aHGhrOwPpg66K GwPXsjFwFunh2mPfqcpGViP/NzsHPCxoXRNNUsxcOweA/FNs21pq5IV41UpcyoQZ sbMM20OzaeiryxywNH3DIyrv6CJ42COqPuBwZTfH7fn3fZpiQUJZl1p+wcABDtMP abSLrSyYmdsk9zkh7j5xnta7uslCwhwGSarNhdWCaqzzUHiZl8CB/tj776TLldM0 7fGV9VHu3fEImA5utzRFMC5U5U9Hd8vfHFy88q+ClfJf+z0XihVjjwC65Wb5nUCf 79BCdYw5sR2MP1BQaCCB9uRVuYcjd2yiq7HEoKv1szmeP0LMiqeSCUWVjje4XuYD 4N4qrhAwdocXc3bOxEowRGIErPEVQj1JHENrZnn6Q4OSbZyHGFmK/imJfwUx8y22 9Q9YcEGWlxoRR6dZk3++hY/WRpgAk35/jH+Wgtz9um3PSr6XNKY2heagAg7NlXB4 cSMhhXXVTuRqYAQxk2QBpd6Qe8iQnWvh1TXRfcGfZA4TxRPUY0Gxp9ZMhhrEVwbY dUXzccqzNaBXlAPAtZuSFw1UXigJYimBHxaE8svCkEcUUiA/mtQN70HCbMAew4Ba XwcD79qkwbqc6K90OL/6yuV6fcMzAVwvpgnNHJIMuVDWmIZulfBjZP7u7m+NYOd4 Neww9dTcAZM= =SV0M -----END PGP SIGNATURE-----