ALT-BU-2019-3706-1
Branch p8 update bulletin.
Closed vulnerabilities
BDU:2020-02569
Vulnerability in the disct_gssapi_work function (packet-gssapi.c) of the Wireshark network traffic analyzer that allows an attacker to cause a denial of service
BDU:2020-02570
Vulnerability in the NetScaler module (Netscaler.c) of the Wireshark network traffic analyzer that allows an attacker to cause a denial of service
BDU:2020-02571
Vulnerability in the DOF Dissector component of the Wireshark network traffic analyzer that allows an attacker to cause a denial of service
BDU:2020-02572
Vulnerability in the Service Location Protocol service of the Wireshark network traffic analyzer that allows an attacker to cause a denial of service
BDU:2020-02573
Vulnerability in the Local Download Sharing Service of the Wireshark network traffic analyzer that allows an attacker to cause a denial of service
BDU:2020-02574
Vulnerability in the Microsoft Spool Subsystem protocol dissector of the Wireshark network traffic analyzer that allows an attacker to cause a denial of service
BDU:2021-01495
Vulnerability in the dissection engine component of the Wireshark network traffic analyzer that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2019-10894
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
- http://www.securityfocus.com/bid/107834
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b20e5d8aae2580e29c83ddaf0b6b2e640603e4aa
- https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R/
- https://usn.ubuntu.com/3986-1/
- https://www.wireshark.org/security/wnpa-sec-2019-14.html
Modified: 2024-11-21
CVE-2019-10895
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
- http://www.securityfocus.com/bid/107834
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15497
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2fbbde780e5d5d82e31dca656217daf278cf62bb
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=38680c4c69f9f4e0f39e29b66fe2b02d88eb629d
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=cab0cff6abdd7a5b5b0bfa4ee204eea951e129e9
- https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R/
- https://usn.ubuntu.com/3986-1/
- https://www.wireshark.org/security/wnpa-sec-2019-09.html
Modified: 2024-11-21
CVE-2019-10896
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
- http://www.securityfocus.com/bid/107834
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15617
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=441b6d9071d6341e58dfe10719375489c5b8e3f0
- https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R/
- https://usn.ubuntu.com/3986-1/
- https://www.wireshark.org/security/wnpa-sec-2019-15.html
Modified: 2024-11-21
CVE-2019-10899
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
- http://www.securityfocus.com/bid/107834
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b16fea2f175a3297edac118c8844c7987d31c1cb
- https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R/
- https://usn.ubuntu.com/3986-1/
- https://www.wireshark.org/security/wnpa-sec-2019-10.html
Modified: 2024-11-21
CVE-2019-10901
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
- http://www.securityfocus.com/bid/107834
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15620
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=cf801a25074f76dc3ae62d8ec53ace75f56ce2cd
- https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R/
- https://usn.ubuntu.com/3986-1/
- https://www.wireshark.org/security/wnpa-sec-2019-17.html
Modified: 2024-11-21
CVE-2019-10903
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
- http://www.securityfocus.com/bid/107834
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=eafdcfa4b6d5187a5326442a82608ab03d9dddcb
- https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R/
- https://usn.ubuntu.com/3986-1/
- https://www.wireshark.org/security/wnpa-sec-2019-18.html
Modified: 2024-11-21
CVE-2019-12295
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.
- http://www.securityfocus.com/bid/108464
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=7b6e197da4c497e229ed3ebf6952bae5c426a820
- https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html
- https://support.f5.com/csp/article/K06725231
- https://support.f5.com/csp/article/K06725231?utm_source=f5support&%3Butm_medium=RSS
- https://usn.ubuntu.com/4133-1/
- https://www.wireshark.org/security/wnpa-sec-2019-19.html