-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.3181
                         wireshark security update
                                5 June 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           wireshark
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-2952 CVE-2023-2879 CVE-2023-2858
                   CVE-2023-2856  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html

Comment: CVSS (Max):  7.5 CVE-2023-2879 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: [NVD], Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-3443-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 03, 2023                                 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : wireshark
Version        : 2.6.20-0+deb10u7
CVE ID         : CVE-2023-2856 CVE-2023-2858 CVE-2023-2879 CVE-2023-2952

Several vulnerabilities were fixed in the network traffic analyzer Wireshark.

CVE-2023-2856

    VMS TCPIPtrace file parser crash

CVE-2023-2858

    NetScaler file parser crash

CVE-2023-2879

    GDSDB infinite loop

CVE-2023-2952

    XRA dissector infinite loop

For Debian 10 buster, these problems have been fixed in version
2.6.20-0+deb10u7.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----