Debian Security Advisory

DLA-1645-1 wireshark -- LTS security update

Date Reported:
28 Jan 2019
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2019-5716, CVE-2019-5717, CVE-2019-5719.
More information:

Several issues in wireshark, a network traffic analyzer, have been found. Dissectors of:

  • ISAKMP, a Internet Security Association and Key Management Protocol
  • P_MUL, a reliable multicast transfer protocol
  • 6LoWPAN, IPv6 over Low power Wireless Personal Area Network

are affected.

  • CVE-2019-5719

    Mateusz Jurczyk found that a missing encryption block in a packet could crash the ISAKMP dissector.

  • CVE-2019-5717

    It was found that the P_MUL dissector could crash when a malformed packet contains an illegal Data PDU sequence number of 0. Such a packet may not be analysed.

  • CVE-2019-5716

    It was found that the 6LoWPAN dissector could crash when a malformed packet does not contain IPHC information though the header says it should.

For Debian 8 Jessie, these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u17.

We recommend that you upgrade your wireshark packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: