===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0424
                         wireshark security update
                              8 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           wireshark
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-28030 CVE-2020-26575 CVE-2020-26421
                   CVE-2020-26418 CVE-2020-25863 CVE-2020-25862
                   CVE-2020-15466 CVE-2020-13164 CVE-2020-11647
                   CVE-2020-9431 CVE-2020-9430 CVE-2020-9428
                   CVE-2020-7045 CVE-2019-19553 CVE-2019-16319
                   CVE-2019-13619

Reference:         ESB-2020.4121
                   ESB-2020.3920
                   ESB-2020.1295

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2547-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
February 06, 2021                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : wireshark
Version        : 2.6.20-0+deb9u1
CVE ID         : CVE-2019-13619 CVE-2019-16319 CVE-2019-19553 CVE-2020-7045
                 CVE-2020-9428 CVE-2020-9430 CVE-2020-9431 CVE-2020-11647
                 CVE-2020-13164 CVE-2020-15466 CVE-2020-25862 CVE-2020-25863
                 CVE-2020-26418 CVE-2020-26421 CVE-2020-26575 CVE-2020-28030
Debian Bug     : 958213 974688 974689

Several vulnerabilities were fixed in Wireshark, a network sniffer.

CVE-2019-13619

    ASN.1 BER and related dissectors crash.

CVE-2019-16319

    The Gryphon dissector could go into an infinite loop.

CVE-2019-19553

    The CMS dissector could crash.

CVE-2020-7045

    The BT ATT dissector could crash.

CVE-2020-9428

    The EAP dissector could crash.

CVE-2020-9430

    The WiMax DLMAP dissector could crash.

CVE-2020-9431

    The LTE RRC dissector could leak memory.

CVE-2020-11647

    The BACapp dissector could crash.

CVE-2020-13164

    The NFS dissector could crash.

CVE-2020-15466

    The GVCP dissector could go into an infinite loop.

CVE-2020-25862

    The TCP dissector could crash.

CVE-2020-25863

    The MIME Multipart dissector could crash.

CVE-2020-26418

    Memory leak in the Kafka protocol dissector.

CVE-2020-26421

    Crash in USB HID protocol dissector.

CVE-2020-26575

    The Facebook Zero Protocol (aka FBZERO) dissector could enter
    an infinite loop.

CVE-2020-28030

    The GQUIC dissector could crash.

For Debian 9 stretch, these problems have been fixed in version
2.6.20-0+deb9u1.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================