Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2023.6859
wireshark security update
20 November 2023
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: wireshark
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2023-6175 CVE-2023-6174
Original Bulletin:
https://lists.debian.org/debian-security-announce/2023/msg00255.html
Comment: CVSS (Max): 6.6 CVE-2023-6175 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H)
CVSS Source: GitLab Inc., [Red Hat]
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5559-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 19, 2023 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : wireshark
CVE ID : CVE-2023-6174 CVE-2023-6175
A vulnerability was discovered in the SSH dissector of Wireshark, a
network protocol analyzer, which could result in denial of service or
potentially the execution of arbitrary code.
For the stable distribution (bookworm), these problems have been fixed in
version 4.0.11-1~deb12u1.
We recommend that you upgrade your wireshark packages.
For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVaYm8ACgkQEMKTtsN8
Tjbp5A//TSNrnxYrdW4XklOocknIwdtDtzt3AcXA6MLRlWmXnR9I3JWAnfWG84ez
lXM/p3kLRN2bzfYVqhL2MpCNQzDyrTpx+0GWSImkPy520WlIrC64GHOqffIffDeF
+28bQfdhbI13Kcfc9F7/PLIA9VvzqoFPHlCVdJhxvaCCJHBN2HefNC4fnEKlpU+Z
I/68nzvzZsJG5K3tcdUp9BDYr8eRqmfWwuIteTBqfZ13ohvU8lYK6TNZah+NiGoS
UmLGtf/5QMXeytiIVDkul5+b206ckvotm2EZQXtZntjZijPbLI1Fh8rPAuVDEbmB
QOwYYc7OKlNDKl3GM2bnMXbJaNDBJ2YJk2hO5OfTankrnY54LX7R3D0WBhsDRb7X
4tx9shgWOm23aigUj0ebR5jVmaDMYAOMEr5U9juPa8LBRu9gQWRbuuwADTcjsGQi
YhjqKoGrCErSInuQUyNSgmyBQgeA4uQipSLpQozt42u2CfBJb5te+sI/USF9xK6x
usF5BZK+5leinGLQyDd/wMn8gx/UzbDcvjuT3XMek+1fJjVfzLehorwt+Ck4yXc9
edKRFS86ZRVSchFVmZUFREGszNQAwWUbtlXfeLBIF8yNqp7E9qTMyjBpCplk/Vnb
3va6wJhMCYTUAgBYVjQ2P6tCPyQJHB8HrXgexcBluGBuu1q2b4M=
=sLQ/
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBZVq8UckNZI30y1K9AQhEZA//fxwHzZyuZWPks+Ci/mMddHp18w/Ajh3G
sH5InIYmj4Ev/NUi6FGVKsvQhhwwknItop0X/pQcdsl+kDQsM7CjKmJ/G4r9BSvI
H8bHNjepDaujuZNkw+YoigDy1XDYRT02w7PYFX3CSzdogR+3lkk161D0MA5RsEjW
WkpbLFcYT/CPt4a4WO9NSTpKrt4ItYS08I0Qu5F+1rJU7MSxED+NKwHo7z7i/0gw
ioxZvjQDdPZCGodQOApsaHnmeIAein7m121RmXk+tjbTEpfVo12NDJlGX/KtyoAh
2ZybZVl+mdqVLO+uoEy4olVRt7rD3tmJ+QyXdG9WCGvxaRrrs0a9MYRxSC/qFiQ7
cBrsxxjWR28JusY8TGYzY1Shf4v6dGuWDFFZt/dzzeckqPC7efAO0j44Va1dp3HP
sJlE3PjAeVHFKgcjhmWnpEYZZ39p3sPazMP51CwPgWqBLedCwIW3g3VUiu0myZtM
f2iLNOys01mrxJpXGDMezV2+T6fsHKgrmLLiDVAVWKWhOt1lFLhOOxvvMZrR1dNk
JKuc0id/iEKHeSsS6Y8y09uHOH+Yo/guUXKYqfnPU1l2BdDs4hpKAQFBc5KPpKFo
DjcxzPjZh30cLczqauSQ/zfAkPmtXtEI2TYfCpdd8pD9vzkp4iawVQ+TZ5kgSM1n
XI/TVd2x9Lo=
=LciY
-----END PGP SIGNATURE-----