Debian Security Advisory

DLA-1645-1 wireshark -- LTS security update

Date Reported: 28 Jan 2019
Affected Packages: wireshark
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2019-5716, CVE-2019-5717, CVE-2019-5719.
More information:

Several issues in wireshark, a network traffic analyzer, have been found. Dissectors of:

  • ISAKMP, the Internet Security Association and Key Management Protocol
  • P_MUL, a reliable multicast transfer protocol
  • 6LoWPAN, IPv6 over Low power Wireless Personal Area Network

are affected.

  • CVE-2019-5719

    Mateusz Jurczyk found that a missing encryption block in a packet could crash the ISAKMP dissector.

  • CVE-2019-5717

    It was found that the P_MUL dissector could crash when a malformed packet contains an illegal Data PDU sequence number of 0. Such a packet may not be analysed.

  • CVE-2019-5716

    It was found that the 6LoWPAN dissector could crash when a malformed packet does not contain IPHC information though the header says it should.

For Debian 8 Jessie, these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u17.

We recommend that you upgrade your wireshark packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS