[3.7] wireshark:: Multiple vulnerabilities (CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9260, CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264, CVE-2018-9267, CVE-2018-9259)
CVE-2018-9256: LWAPP dissector crash
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
References:
https://www.wireshark.org/security/wnpa-sec-2018-20.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9256?cpeVersion=2.2
CVE-2018-9257: CQL infinite loop
Affected versions: 2.4.0 to 2.4.5
Fixed versions: 2.4.6
References:
https://www.wireshark.org/security/wnpa-sec-2018-22.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9257
CVE-2018-9258: TCP dissector crash
Affected versions: 2.4.0 to 2.4.5
Fixed versions: 2.4.6
References:
https://www.wireshark.org/security/wnpa-sec-2018-21.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9258
CVE-2018-9260: IEEE 802.15.4 dissector crash
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
References:
https://www.wireshark.org/security/wnpa-sec-2018-17.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9260
CVE-2018-9261: NBAP dissector crash
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
References:
https://www.wireshark.org/security/wnpa-sec-2018-18.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9261
CVE-2018-9262: VLAN dissector crash
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
References:
https://www.wireshark.org/security/wnpa-sec-2018-19.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9262
CVE-2018-9263: Kerberos dissector crash
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
References:
https://www.wireshark.org/security/wnpa-sec-2018-23.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9263
CVE-2018-9264: ADB dissector crash
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
References:
https://www.wireshark.org/security/wnpa-sec-2018-16.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9264
CVE-2018-9267: Memory leaks in multiple dissectors
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
https://www.wireshark.org/security/wnpa-sec-2018-24.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9267
CVE-2018-9259: MP4 dissector crash
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
References:
https://www.wireshark.org/security/wnpa-sec-2018-15.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9259
(from redmine: issue id 8822, created on 2018-04-20, closed on 2018-05-02)
- Relations:
- copied_to #8821 (closed)
- parent #8821 (closed)
- Changesets:
- Revision 82f356f8 on 2018-04-30T19:34:48Z:
community/wireshark: security upgrade to 2.4.6
CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9260,
CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264,
CVE-2018-9267, CVE-2018-10194
Fixes #8822