This bug was fixed in the package wireshark - 2.4.0-1
---
wireshark (2.4.0-1) unstable; urgency=medium
* Use debconf messages instead of "echo" in postinst/postrm (LP: #1687344)
* New upstream release
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.4.0.html
- security fixes:
- deeply nested DAAP data may cause stack exhaustion
(uncontrolled recursion) in the dissect_daap_one_tag function
(CVE-2017-9617) (Closes: #870174)
- PROFINET IO data with a high recursion depth allows remote
attackers to cause a denial of service (stack exhaustion)
in the dissect_IODWriteReq function. (CVE-2017-9766)
(Closes: #870175)
- the DOCSIS dissector could go into an infinite loop (CVE-2017-11406)
(Closes: #870172)
- the MQ dissector could crash (CVE-2017-11407) (Closes: #870172)
- the AMQP dissector could crash (CVE-2017-11408) (Closes: #870172)
- the WBXML dissector could go into an infinite loop, triggered
by packet injection or a malformed capture file (CVE-2017-11410)
(Closes: #870180)
- the openSAFETY dissector could crash or exhaust system memory
(CVE-2017-11411) (Closes: #870179)
* Update shared library package names to match new .so versions
* Refresh patches
* Drop workaround to use system's nghttp2 since upstream does not
ship the embedded copy anymore
* Add build-dependency on libparse-yapp-perl, liblz4-dev, libsnappy-dev,
libspandsp-dev, libxml2-dev and lynx to enable new upstream features
* Update PO files about debconf templates
-- Balint Reczey Sun, 06 Aug 2017 13:22:45 -0400
** Changed in: wireshark (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11406
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11407
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11408
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11410
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11411
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9617
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9766
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1687344
Title:
package wireshark-common 2.0.2+ga16e22e-1 failed to install/upgrade:
subprocess installed post-removal script returned error exit status
128
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1687344/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs