[3.9] wireshark: Multiple vulnerabilities (CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625 CVE-2018-19626, CVE-2018-19627, CVE-2018-19628) (#9763) · Issues · alpine / aports

[3.9] wireshark: Multiple vulnerabilities (CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625 CVE-2018-19626, CVE-2018-19627, CVE-2018-19628)

CVE-2018-19622: MMSE dissector infinite loop

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-54.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15250

CVE-2018-19623: LBMPDM dissector crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-53.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15132

CVE-2018-19624: PVFS dissector crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-56.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15280

CVE-2018-19625: Wireshark dissection engine crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-51.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=14466

CVE-2018-19626: DCOM dissector crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-52.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15130

CVE-2018-19627: IxVeriWave file parser crash.

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-55.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15279

CVE-2018-19628: ZigBee ZCL dissector crash

Affected versions: 2.6.0 to 2.6.4
Fixed versions: 2.6.5

References:

https://www.wireshark.org/security/wnpa-sec-2018-57.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15281

(from redmine: issue id 9763, created on 2018-12-12, closed on 2019-01-01)

Relations:
- parent #9762 (closed)
Changesets:
- Revision d0f7f9ff by Milan P. Stanić on 2019-01-01T08:48:05Z:

community/wireshark: security upgrade to 2.6.5

CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625
CVE-2018-19626, CVE-2018-19627, CVE-2018-19628

Fixes #9763

Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>

### CVE-2018-19622: MMSE dissector infinite loop

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10  
Fixed versions: 2.6.5, 2.4.11

### References:

https://www.wireshark.org/security/wnpa-sec-2018-54.html  
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15250

### CVE-2018-19623: LBMPDM dissector crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10  
Fixed versions: 2.6.5, 2.4.11

### References:

https://www.wireshark.org/security/wnpa-sec-2018-53.html  
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15132

### CVE-2018-19624: PVFS dissector crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10  
Fixed versions: 2.6.5, 2.4.11

### References:

https://www.wireshark.org/security/wnpa-sec-2018-56.html  
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15280

### CVE-2018-19625: Wireshark dissection engine crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10  
Fixed versions: 2.6.5, 2.4.11

### References:

https://www.wireshark.org/security/wnpa-sec-2018-51.html  
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=14466

### CVE-2018-19626: DCOM dissector crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10  
Fixed versions: 2.6.5, 2.4.11

### References:

https://www.wireshark.org/security/wnpa-sec-2018-52.html  
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15130

### CVE-2018-19627: IxVeriWave file parser crash.

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10  
Fixed versions: 2.6.5, 2.4.11

### References:

https://www.wireshark.org/security/wnpa-sec-2018-55.html  
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15279

### CVE-2018-19628: ZigBee ZCL dissector crash

Affected versions: 2.6.0 to 2.6.4  
Fixed versions: 2.6.5

### References:

https://www.wireshark.org/security/wnpa-sec-2018-57.html  
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15281

*(from redmine: issue id 9763, created on 2018-12-12, closed on 2019-01-01)*

* Relations:
  * parent #9762
* Changesets:
  * Revision d0f7f9ff6bb890cdeda8dcc9bce15ad49d4d8205 by Milan P. Stanić on 2019-01-01T08:48:05Z:

```
community/wireshark: security upgrade to 2.6.5

CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625
CVE-2018-19626, CVE-2018-19627, CVE-2018-19628

Fixes #9763

Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
```

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information