[3.10] wireshark: dissection engine crash (CVE-2019-12295) (#10501) · Issues · alpine / aports

[3.10] wireshark: dissection engine crash (CVE-2019-12295)

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or
by convincing someone to read a malformed packet trace file.

Affected versions: 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, 2.4.0 to 2.4.14
Fixed versions: 3.0.2, 2.6.9, 2.4.15

References:

https://www.wireshark.org/security/wnpa-sec-2019-19.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15778

(from redmine: issue id 10501, created on 2019-05-28, closed on 2019-06-05)

Relations:
- parent #10500 (closed)
Changesets:
- Revision e5bce08f by Natanael Copa on 2019-06-04T13:38:25Z:

community/wireshark: security upgrade to 3.0.2 (CVE-2019-12295)

fixes #10501

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information