Source: wireshark Version: 2.6.7-1 Severity: important Tags: security upstream Justification: user security hole Control: found -1 2.6.7-1~deb9u1
Hi, The following vulnerabilities were published for wireshark. CVE-2019-10894[0]: | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API | dissector could crash. This was addressed in epan/dissectors/packet- | gssapi.c by ensuring that a valid dissector is called. CVE-2019-10895[1]: | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler | file parser could crash. This was addressed in wiretap/netscaler.c by | improving data validation. CVE-2019-10896[2]: | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF | dissector could crash. This was addressed in epan/dissectors/packet- | dof.c by properly handling generated IID and OID bytes. CVE-2019-10899[3]: | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC | dissector could crash. This was addressed in epan/dissectors/packet- | srvloc.c by preventing a heap-based buffer under-read. CVE-2019-10901[4]: | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS | dissector could crash. This was addressed in epan/dissectors/packet- | ldss.c by handling file digests properly. CVE-2019-10902[5]: | In Wireshark 3.0.0, the TSDNS dissector could crash. This was | addressed in epan/dissectors/packet-tsdns.c by splitting strings | safely. CVE-2019-10903[6]: | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC | SPOOLSS dissector could crash. This was addressed in epan/dissectors | /packet-dcerpc-spoolss.c by adding a boundary check. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10894 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10894 [1] https://security-tracker.debian.org/tracker/CVE-2019-10895 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10895 [2] https://security-tracker.debian.org/tracker/CVE-2019-10896 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10896 [3] https://security-tracker.debian.org/tracker/CVE-2019-10899 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10899 [4] https://security-tracker.debian.org/tracker/CVE-2019-10901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10901 [5] https://security-tracker.debian.org/tracker/CVE-2019-10902 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10902 [6] https://security-tracker.debian.org/tracker/CVE-2019-10903 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10903 Regards, Salvatore

