[3.8] wireshark:: Multiple vulnerabilities (CVE-2018-11356, CVE-2018-11357, CVE-2018-11358, CVE-2018-11359, CVE-2018-11360, CVE-2018-11362)
CVE-2018-11356: DNS dissector crash
Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14
Fixed versions: 2.6.1, 2.4.7, 2.2.15
References:
https://www.wireshark.org/security/wnpa-sec-2018-29.html
CVE-2018-11357: Multiple dissectors could consume excessive memory
Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14
Fixed versions: 2.6.1, 2.4.7, 2.2.15
Reference:
https://www.wireshark.org/security/wnpa-sec-2018-28.html
CVE-2018-11358: Q.931 dissector crash
Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14
Fixed versions: 2.6.1, 2.4.7, 2.2.15
Reference:
https://www.wireshark.org/security/wnpa-sec-2018-31.html
CVE-2018-11359: Multiple dissectors could crash
Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14
Fixed versions: 2.6.1, 2.4.7, 2.2.15
References:
https://www.wireshark.org/security/wnpa-sec-2018-33.html
CVE-2018-11360: GSM A DTAP dissector crash
Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14
Fixed versions: 2.6.1, 2.4.7, 2.2.15
Reference:
https://www.wireshark.org/security/wnpa-sec-2018-30.html
CVE-2018-11362: LDSS dissector crash
Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14
Fixed versions: 2.6.1, 2.4.7, 2.2.15
Reference:
https://www.wireshark.org/security/wnpa-sec-2018-25.html
(from redmine: issue id 8931, created on 2018-05-24, closed on 2018-06-12)
- Relations:
- copied_to #8930 (closed)
- parent #8930 (closed)
- Changesets:
- Revision 215ab32e on 2018-06-11T08:14:56Z:
community/wireshark: security upgrade to 2.4.7
CVE-2018-11356, CVE-2018-11357, CVE-2018-11358,
CVE-2018-11359, CVE-2018-11360, CVE-2018-11362
Fixes #8931