[SECURITY] [DLA 3746-1] wireshark security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3746-1] wireshark security update
From: Adrian Bunk <bunk@debian.org>
Date: Thu, 29 Feb 2024 23:59:34 +0000
Message-id: <[🔎] ZeEaZvI6OyzLwVjy@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3746-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
February 29, 2024                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : wireshark
Version        : 2.6.20-0+deb10u8
CVE ID         : CVE-2023-4511 CVE-2023-4513 CVE-2023-6175 CVE-2024-0208

Multiple vulnerabilities hav been  fixed in the network traffic analyzer Wireshark.

CVE-2023-4511

    BT SDP dissector infinite loop

CVE-2023-4513

    BT SDP dissector memory leak

CVE-2023-6175

    NetScreen file parser crash

CVE-2024-0208

    GVCP dissector crash

For Debian 10 buster, these problems have been fixed in version
2.6.20-0+deb10u8.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmXhGmYACgkQiNJCh6LY
mLG0OA/8DAFLm55Zi1CXqeQ6UE17XW8+RF1zqWgLV0RyghH5AK7vOVdGmynQ8rXV
UoIc86ONvl5KooQOzUVQRSdY60g0Vd+PYf6KLd/yeiDoYNjuPcRdWWQ8UwC59FMr
Ndkt4SBxiZzwOD29p4X6S7resXOVeMUEn4wGEfBzTd6SSwraRZIj1SBJ319wK51r
GfWfPvX2bO3FAr50PiGoJHa7NKo/y4xnKAzgsSmottqMAKFFA2rIweR/GnrnyCJQ
/7fRb2ExJgWk0IjzZ/m0OrqladGnQv1jjjKUxQD3kQjOYXVnSTzwL6ffBJS9PbeE
Pmjmu9tPcMnzM9gGjZZqPszEbtbV2AuImBEbgIZKIgBBSafzqNBrrXbjC8oEa5vp
Lsf6++rj+L+X7LivLwJ30UeLnR6hH9OcauxAp3uuWcUELdXVrT3lrKBYAPuB0gbi
OhiiqtzCzljQ2rGpcWiwcQtvicuKlUClbPf0k9CYEmFRVLgc1WqdYY8fnctreQLG
DuawYlEH7WVVfpstjmHkdBfFdy3PAPw+pI09X2moF6cMXk9//4AtEs1P9Si8wqwH
2HHO6cIXqeIDlC7PmlWgTl1O1fl+sKml5KMd5NR6WERIp1rryB/Rw8Yj4/v+P91q
ZqKRplpbI3BQ01mPuK2j5W8vAbNG5k2dK+nfrCyKAfiPYv7/oFc=
=tkiZ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3745-1] gsoap security update
Previous by thread: [SECURITY] [DLA 3745-1] gsoap security update
Index(es):
- Date
- Thread