===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0135
                        wireshark -- security update
                              16 January 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           wireshark
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Denial of Service        -- Remote with User Interaction
                   Access Confidential Data -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-19626 CVE-2018-19625 CVE-2018-19624
                   CVE-2018-19623 CVE-2018-19622 CVE-2018-16058
                   CVE-2018-16057 CVE-2018-11359 CVE-2018-11357
                   CVE-2018-11356 CVE-2018-9270 CVE-2018-9269
                   CVE-2018-9268 CVE-2018-9267 CVE-2018-9265
                   CVE-2018-9263 CVE-2018-9262 CVE-2018-9260
                   CVE-2018-9259 CVE-2018-9256 CVE-2018-7420
                   CVE-2018-7418 CVE-2018-7417 CVE-2018-7336
                   CVE-2018-7331 CVE-2018-7325 CVE-2018-7324
                   CVE-2018-7323 CVE-2018-7322 CVE-2017-17997
                   CVE-2017-17935 CVE-2017-15191 CVE-2017-13765
                   CVE-2017-11409 CVE-2017-11407 CVE-2017-11406
                   CVE-2017-9766 CVE-2017-7747 CVE-2017-7746
                   CVE-2017-7703 CVE-2017-7700

Original Bulletin:
   https://www.debian.org/security/2018/dsa-4359

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : wireshark
Version        : 1.12.1+g01b65bf-4+deb8u16
CVE ID         : CVE-2017-7700 CVE-2017-7703 CVE-2017-7746 CVE-2017-7747
                 CVE-2017-9766 CVE-2017-11406 CVE-2017-11407 CVE-2017-11409
                 CVE-2017-13765 CVE-2017-15191 CVE-2017-17935 CVE-2017-17997
                 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325
                 CVE-2018-7331 CVE-2018-7336 CVE-2018-7417 CVE-2018-7418
                 CVE-2018-7420 CVE-2018-9256 CVE-2018-9259 CVE-2018-9260
                 CVE-2018-9262 CVE-2018-9263 CVE-2018-9265 CVE-2018-9267
                 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-11356
                 CVE-2018-11357 CVE-2018-11359 CVE-2018-16057 CVE-2018-16058
                 CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625
                 CVE-2018-19626

Several issues in wireshark, a tool that captures and analyzes packets
off the wire, have been found by different people.
These are basically issues with length checks or invalid memory access in
different dissectors. This could result in infinite loops or crashes by
malicious packets.

For Debian 8 "Jessie", these problems have been fixed in version
1.12.1+g01b65bf-4+deb8u16.

We recommend that you upgrade your wireshark packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================