[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1645-1] wireshark security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : wireshark
Version        : 1.12.1+g01b65bf-4+deb8u17
CVE ID         : CVE-2019-5716 CVE-2019-5717 CVE-2019-5719


Several issues in wireshark, a network traffic analyzer, have been found.
Dissectors of
  - ISAKMP, a Internet Security Association and Key Management Protocol
  - P_MUL, a reliable multicast transfer protocol
  - 6LoWPAN, IPv6 over Low power Wireless Personal Area Network
are affected.

CVE-2019-5719
   Mateusz Jurczyk found that a missing encryption block in a packet could
   crash the ISAKMP dissector.

CVE-2019-5717
  It was found that the P_MUL dissector could crash when a malformed
  packet contains an illegal Data PDU sequence number of 0.  Such a packet
  may not be analysed.

CVE-2019-5716
  It was found that the 6LoWPAN dissector could crash when a malformed
  packet does not contain IPHC information though the header says it
  should.


For Debian 8 "Jessie", these problems have been fixed in version
1.12.1+g01b65bf-4+deb8u17.

We recommend that you upgrade your wireshark packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlxPeIlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfF0RAAji1G7cf9Y3xM5M4dRAVwDcx64UrZrgkL/jsn/tUVClcQJF6jxIszbt+S
mp1H88kf6ek/U4G3mK9ghR+G6i/573WLweVKHEoOhbnl+Xvq671DQMonSHaixv5h
HrMpjdGQOKdsJxOF1kCduIlbygiZosREkdH7QSgo/oTwaWgUBjJ2fwWYaWWmpRcH
3ppd34C7dhXi/x60Qc4Fs8xBKKv0jGzHJXjhr+Lt3DexmXDauEoOrTccG4GS+mVb
2Ex2Aehu+8QcZUw37HfrfEAINuZu7ojySsEmBKt+hdhVA5+j8Z+iduA8rVzZmEVl
QPzazXmxi+VBp1++wKKcqifqbZe7fIoJPZJsAbr1FdQ94fJ6RTD5jqpDYhAQ2Jdw
sFeJZMdM6GGGwbPzUk+NbzCUaz+EjnsFfdDLIn2igQJCBQHoRpBe5w7d6wqjQ9W+
gnV3COPvaMLu5wg4Edbpmvrv6FgwL/q4gLbud6hTyzPXzca+opYEyv99AHBFgaA9
UCDMqc7EEUOy2i2PyIy1BEVXm40gDpkecrPMlc4cnM+MaOka9pv4OAinnBvne3iL
zQIETKgKxxEXDVFrY0i245I8W0OtbF0jxRxOgvCQeum5NqghPB9lZ+2k1i3XeWO9
A6John21n6DAL3KTckbaTJQY+5cMTJuYW0nlNB4Bqtt6bJwphcs=
=Kysb
-----END PGP SIGNATURE-----


Reply to: