Source: wireshark
Version: 2.6.7-1
Severity: important
Tags: security upstream
Justification: user security hole
Control: found -1 2.6.7-1~deb9u1

Hi,

The following vulnerabilities were published for wireshark.

CVE-2019-10894[0]:
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API
| dissector could crash. This was addressed in epan/dissectors/packet-
| gssapi.c by ensuring that a valid dissector is called.


CVE-2019-10895[1]:
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler
| file parser could crash. This was addressed in wiretap/netscaler.c by
| improving data validation.


CVE-2019-10896[2]:
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF
| dissector could crash. This was addressed in epan/dissectors/packet-
| dof.c by properly handling generated IID and OID bytes.


CVE-2019-10899[3]:
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC
| dissector could crash. This was addressed in epan/dissectors/packet-
| srvloc.c by preventing a heap-based buffer under-read.


CVE-2019-10901[4]:
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS
| dissector could crash. This was addressed in epan/dissectors/packet-
| ldss.c by handling file digests properly.


CVE-2019-10902[5]:
| In Wireshark 3.0.0, the TSDNS dissector could crash. This was
| addressed in epan/dissectors/packet-tsdns.c by splitting strings
| safely.


CVE-2019-10903[6]:
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC
| SPOOLSS dissector could crash. This was addressed in epan/dissectors
| /packet-dcerpc-spoolss.c by adding a boundary check.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-10894
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10894
[1] https://security-tracker.debian.org/tracker/CVE-2019-10895
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10895
[2] https://security-tracker.debian.org/tracker/CVE-2019-10896
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10896
[3] https://security-tracker.debian.org/tracker/CVE-2019-10899
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10899
[4] https://security-tracker.debian.org/tracker/CVE-2019-10901
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10901
[5] https://security-tracker.debian.org/tracker/CVE-2019-10902
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10902
[6] https://security-tracker.debian.org/tracker/CVE-2019-10903
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10903

Regards,
Salvatore

Reply via email to