[SECURITY] [DLA 3402-1] wireshark security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3402-1] wireshark security update
From: Adrian Bunk <bunk@debian.org>
Date: Sat, 29 Apr 2023 21:58:46 +0300
Message-id: <[🔎] ZE1o5j1IeP5f6xSB@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3402-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 29, 2023                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : wireshark
Version        : 2.6.20-0+deb10u6
CVE ID         : CVE-2023-1161 CVE-2023-1992 CVE-2023-1993 CVE-2023-1994
Debian Bug     : 1033756 1034721

Several vulnerabilities were fixed in the network traffic analyzer Wireshark.

CVE-2023-1161

    ISO 15765 dissector crash

CVE-2023-1992

    RPCoRDMA dissector crash

CVE-2023-1993

    LISP dissector large loop vulnerability

CVE-2023-1994

    GQUIC dissector crash

For Debian 10 buster, these problems have been fixed in version
2.6.20-0+deb10u6.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmRNaOIACgkQiNJCh6LY
mLH5tQ//bLVYAnS45mCE2ByQjh84oCzM8RMnv97jt3h0Qx6VZ0MjI7qbvxgwme7y
DPBsgleP5agbj/EC/8HnLkz4HDgqdjxHc/E/eWrSllWq+H8hnu/lGd+f3Pt5sAsT
VD4O48ILCPKBNlsd5ifUv/2H4ntxu2b1lF+sTjsBxzaAbM94F/XV/8YRZdjvTq7I
1MlTS7GfrjW9Bg0EqxTrzwudZotEKqY/PSgyVOgeBXGz864H5Uz8LUB0DWWixQeO
Ykq6T5B5kDqYM4VMurj9ah7FzliN80KJMBJ9DvLV44qo4IXOuk84UNaEZ+GSOu+o
J3sp8rMQBHxlWOT5vt4nYsx7vp4AlYf6VOqOryGZ0vQxltQzpcjo2xZl+BCtXJ3O
YbVFOdhSg8WotwbK01e1TQokBWb54ilzBN29sUJFBp60Xs1b63TasVorOBUSbFGp
iUiSDVr3WqnZQ9TIHpiotb99StWWpIK74nKbTyHs9YRjpJHZ4glab68j8Ut0DqSU
drEDlu82bAallFPzSUoBVNfPBD0pJpIMrf8pVjpJHePLTRw24MgRWHgnbUxF362C
PSmrJ2Eq30InBpWvawghsWmA9Z4yeQiL5/kTavGLtEpjS7UD/W3kVHzxPU1X7+gP
VNUbG2rwXEQHjYhgwAlTsnzUtltE3ocAcMCqfDU5bIO+qdSGFQs=
=ORXr
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3401-1] apache2 security update
Next by Date: [SECURITY] [DLA 3406-1] sniproxy security update
Previous by thread: [SECURITY] [DLA 3401-1] apache2 security update
Next by thread: [SECURITY] [DLA 3406-1] sniproxy security update
Index(es):
- Date
- Thread