Re: [SECURITY] [DLA 1634-1] wireshark security update
unsubscribe
Re: [SECURITY] [DLA 1634-1] wireshark security update
Thank you Le Mar 15 Jan 2019 20:39, Thorsten Alteholz a écrit : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Package: wireshark > Version: 1.12.1+g01b65bf-4+deb8u16 > CVE ID : CVE-2017-7700 CVE-2017-7703 CVE-2017-7746 CVE-2017-7747 > CVE-2017-9766 CVE-2017-11406 CVE-2017-11407 > CVE-2017-11409 > CVE-2017-13765 CVE-2017-15191 CVE-2017-17935 > CVE-2017-17997 > CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325 > CVE-2018-7331 CVE-2018-7336 CVE-2018-7417 CVE-2018-7418 > CVE-2018-7420 CVE-2018-9256 CVE-2018-9259 CVE-2018-9260 > CVE-2018-9262 CVE-2018-9263 CVE-2018-9265 CVE-2018-9267 > CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-11356 > CVE-2018-11357 CVE-2018-11359 CVE-2018-16057 > CVE-2018-16058 > CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 > CVE-2018-19625 > CVE-2018-19626 > > > Several issues in wireshark, a tool that captures and analyzes packets > off the wire, have been found by different people. > These are basically issues with length checks or invalid memory access in > different dissectors. This could result in infinite loops or crashes by > malicious packets. > > For Debian 8 "Jessie", these problems have been fixed in version > 1.12.1+g01b65bf-4+deb8u16. > > We recommend that you upgrade your wireshark packages. > > Further information about Debian LTS security advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://wiki.debian.org/LTS > > -BEGIN PGP SIGNATURE- > > iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlw+MCZfFIAALgAo > aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy > MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 > WEelWA/+NCrvIRdJkPcl9pH/ALCH6A5j5+CjLhZ/1ej0kQUv91YGqPHZhfJ9GnHp > 8VQfwdmJXCXw4lmF1DpN2T/q3KqG6qwGowfxeWBoinfJgsCTIpY1r5n+dff/syu7 > OIV5swZAiR3ivk/Pm6U3j3sX2HTFCPqsHi9atxaWDIcllMibM1FKgHr2SIXe991x > eCax5J3UPv594V+42j4hYIbLg28dhbGKGWKuONGhbW0aRWFoj6J9gOR3r+dVdKnI > mAKAbPrM6/t75VNsr0L6FJCDX+7eJPImgGjTFL1e/Ue8AZTRCma2Zyg8bVEcHsSq > 5HEAPFAjdOqSW6XqlTDF1J1E+7dA1nIX+uCA/3nZK7HM+IRqaXXMADisO1oVnQyl > NJ7dwsGbpTuZSOF8cbdDptyBxz4R3z3Zo3bg+e9mvcwDPzrEQbPsXFpmtmtbbVsX > ELH9G8AOEBGeGc3pz14+XMFMI/OskoletTLWyTGBv7MvQtmUtHc+e/RpL1GvFrHf > APfmCZQdDhqpk9O1EcApIFpNuBlzrqlCfzUi8nSlJxjCsT0fQey54dadORn5eYd1 > K/9Gnj+AMqFr6irYa/G9BGQ/u3bV+XvyNytNlgM2/lbOyUSjPKAL+6OJa7AIYXM5 > tw18Zuiq8FEH2UqMEzCuzxovoGJKIEPDQEmKM5COvvlIIJAO2UU= > =5QMF > -END PGP SIGNATURE- > >
[SECURITY] [DLA 1634-1] wireshark security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: wireshark Version: 1.12.1+g01b65bf-4+deb8u16 CVE ID : CVE-2017-7700 CVE-2017-7703 CVE-2017-7746 CVE-2017-7747 CVE-2017-9766 CVE-2017-11406 CVE-2017-11407 CVE-2017-11409 CVE-2017-13765 CVE-2017-15191 CVE-2017-17935 CVE-2017-17997 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325 CVE-2018-7331 CVE-2018-7336 CVE-2018-7417 CVE-2018-7418 CVE-2018-7420 CVE-2018-9256 CVE-2018-9259 CVE-2018-9260 CVE-2018-9262 CVE-2018-9263 CVE-2018-9265 CVE-2018-9267 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-11356 CVE-2018-11357 CVE-2018-11359 CVE-2018-16057 CVE-2018-16058 CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 Several issues in wireshark, a tool that captures and analyzes packets off the wire, have been found by different people. These are basically issues with length checks or invalid memory access in different dissectors. This could result in infinite loops or crashes by malicious packets. For Debian 8 "Jessie", these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u16. We recommend that you upgrade your wireshark packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlw+MCZfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEelWA/+NCrvIRdJkPcl9pH/ALCH6A5j5+CjLhZ/1ej0kQUv91YGqPHZhfJ9GnHp 8VQfwdmJXCXw4lmF1DpN2T/q3KqG6qwGowfxeWBoinfJgsCTIpY1r5n+dff/syu7 OIV5swZAiR3ivk/Pm6U3j3sX2HTFCPqsHi9atxaWDIcllMibM1FKgHr2SIXe991x eCax5J3UPv594V+42j4hYIbLg28dhbGKGWKuONGhbW0aRWFoj6J9gOR3r+dVdKnI mAKAbPrM6/t75VNsr0L6FJCDX+7eJPImgGjTFL1e/Ue8AZTRCma2Zyg8bVEcHsSq 5HEAPFAjdOqSW6XqlTDF1J1E+7dA1nIX+uCA/3nZK7HM+IRqaXXMADisO1oVnQyl NJ7dwsGbpTuZSOF8cbdDptyBxz4R3z3Zo3bg+e9mvcwDPzrEQbPsXFpmtmtbbVsX ELH9G8AOEBGeGc3pz14+XMFMI/OskoletTLWyTGBv7MvQtmUtHc+e/RpL1GvFrHf APfmCZQdDhqpk9O1EcApIFpNuBlzrqlCfzUi8nSlJxjCsT0fQey54dadORn5eYd1 K/9Gnj+AMqFr6irYa/G9BGQ/u3bV+XvyNytNlgM2/lbOyUSjPKAL+6OJa7AIYXM5 tw18Zuiq8FEH2UqMEzCuzxovoGJKIEPDQEmKM5COvvlIIJAO2UU= =5QMF -END PGP SIGNATURE-
Accepted wireshark 1.12.1+g01b65bf-4+deb8u16 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 28 Dec 2018 19:03:02 +0100 Source: wireshark Binary: wireshark-common wireshark wireshark-qt tshark wireshark-dev wireshark-dbg wireshark-doc libwireshark5 libwsutil4 libwsutil-dev libwireshark-data libwireshark-dev libwiretap4 libwiretap-dev Architecture: source amd64 all Version: 1.12.1+g01b65bf-4+deb8u16 Distribution: jessie-security Urgency: medium Maintainer: Balint Reczey Changed-By: Thorsten Alteholz Description: libwireshark-data - network packet dissection library -- data files libwireshark-dev - network packet dissection library -- development files libwireshark5 - network packet dissection library -- shared library libwiretap-dev - network packet capture library -- development files libwiretap4 - network packet capture library -- shared library libwsutil-dev - network packet dissection utilities library -- shared library libwsutil4 - network packet dissection utilities library -- shared library tshark - network traffic analyzer - console version wireshark - network traffic analyzer - GTK+ version wireshark-common - network traffic analyzer - common files wireshark-dbg - network traffic analyzer - debug symbols wireshark-dev - network traffic analyzer - development tools wireshark-doc - network traffic analyzer - documentation wireshark-qt - network traffic analyzer - Qt version Changes: wireshark (1.12.1+g01b65bf-4+deb8u16) jessie-security; urgency=medium . * Non-maintainer upload by the Wheezy LTS Team. * fix for the following CVEs: CVE-2018-19626 CVE-2018-19625 CVE-2018-19624 CVE-2018-19623 CVE-2018-19622 CVE-2018-16058 CVE-2018-16057 CVE-2018-11359 CVE-2018-11357 CVE-2018-11356 CVE-2018-9270 CVE-2018-9269 CVE-2018-9268 CVE-2018-9267 CVE-2018-9265 CVE-2018-9263 CVE-2018-9262 CVE-2018-9260 CVE-2018-9259 CVE-2018-9256 CVE-2018-7420 CVE-2018-7418 CVE-2018-7417 CVE-2018-7336 CVE-2018-7331 CVE-2018-7325 CVE-2018-7324 CVE-2018-7323 CVE-2018-7322 CVE-2018-7746 CVE-2017-17997 CVE-2017-17935 CVE-2017-15191 CVE-2017-13765 CVE-2017-11409 CVE-2017-11407 CVE-2017-11406 CVE-2017-9766 CVE-2017-7747 CVE-2017-7703 CVE-2017-7700 These are basically all problems with length checks, invalid memory access in different dissectors. This could result in infinite loops or crashes by malicious packets. Checksums-Sha1: 3ada1e60192b9fecd7c409133daa53c34d1e92df 3505 wireshark_1.12.1+g01b65bf-4+deb8u16.dsc 407f0a5f28c4ea34b0ea2b5a43e1da7632e357a9 25091052 wireshark_1.12.1+g01b65bf.orig.tar.xz bf7935cead5014071c410c8125c99d8cfd930f9f 200500 wireshark_1.12.1+g01b65bf-4+deb8u16.debian.tar.xz bce36ab14536567b3596ca303c378709e4dde4f4 182822 wireshark-common_1.12.1+g01b65bf-4+deb8u16_amd64.deb 34752d468df1dca49cc979e062b32043ca4ee0b2 791494 wireshark_1.12.1+g01b65bf-4+deb8u16_amd64.deb f9aebb95ba9155fded6872068272db6269e90bd2 1064806 wireshark-qt_1.12.1+g01b65bf-4+deb8u16_amd64.deb 4ff70f594cb248dc48741ece1b4c26a23bb29f5c 163570 tshark_1.12.1+g01b65bf-4+deb8u16_amd64.deb ed4c36af1a15b66c208e61c35aa6ac4ec95beb95 146860 wireshark-dev_1.12.1+g01b65bf-4+deb8u16_amd64.deb 805bf73361232ad2877a78ffcc243d46ad0b631d 38782510 wireshark-dbg_1.12.1+g01b65bf-4+deb8u16_amd64.deb 40044202fee95cccefc0354868f1f2239562215b 3872700 wireshark-doc_1.12.1+g01b65bf-4+deb8u16_all.deb 8a4952c96bfe3f63a78537d480a2bfc5906cb1d8 11280552 libwireshark5_1.12.1+g01b65bf-4+deb8u16_amd64.deb e66fa2de480dfdd576112c7601a6b9f4066b1d60 96786 libwsutil4_1.12.1+g01b65bf-4+deb8u16_amd64.deb 3e7a02e76d5e6dcfc410e92535c93855084abcaf 73536 libwsutil-dev_1.12.1+g01b65bf-4+deb8u16_amd64.deb 3a56800e0c6461061147846fef3cdfe7b6a78e87 838654 libwireshark-data_1.12.1+g01b65bf-4+deb8u16_all.deb cb938a050e7d51eb0074fb7175655438f59add2c 769362 libwireshark-dev_1.12.1+g01b65bf-4+deb8u16_amd64.deb d84daa327ff7044abb85e41ba9cf8e2339c474e9 189266 libwiretap4_1.12.1+g01b65bf-4+deb8u16_amd64.deb 98d598d6009c82a712ccea73745931c7267db6b6 80740 libwiretap-dev_1.12.1+g01b65bf-4+deb8u16_amd64.deb Checksums-Sha256: 730e7fa86afadf1e7e0210f8d0d9a7f05b9cc039e687af279b949b8b9a19c83b 3505 wireshark_1.12.1+g01b65bf-4+deb8u16.dsc 5244081064ba37780804983724e09263440866587f33f2a525a684b6d393d4cf 25091052 wireshark_1.12.1+g01b65bf.orig.tar.xz b167845fd5c275520b407d30fda07e6ff9e83db422dbbe28b6888e00b7ed61c9 200500 wireshark_1.12.1+g01b65bf-4+deb8u16.debian.tar.xz c7af83abc4cbe6cb955cdf21bb7c2f30f95a4199441d464c7af3d1dd4a72906d 182822 wireshark-common_1.12.1+g01b65bf-4+deb8u16_amd64.deb 787c9622dd1008e4e50fc60f97c1b9b8d61cdbd5998f07b5139dc6c9655d7391 791494 wireshark_1.12.1+g01b65bf-4+deb8u16_amd64.deb b3e1003cccb6c213f450ed77873b5a6ea6ca6fbce4f22d814763b4d4caa93bf8 1064806 wireshark-qt_1.12.1+g01b65bf-4+deb8u16_amd64.deb ca8530a6962453af9f1a489fb8137647f88af2057a329bc26bf3c4c30ba75dc7 163570 tshark_1.12.1+g01b65bf-4+deb8u16_amd64.deb