Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 647
    • Issues 647
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 196
    • Merge Requests 196
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • aportsaports
  • Issues
  • #9763

Closed
Open
Opened Dec 12, 2018 by Alicha CH@alichaReporter
  • Report abuse
  • New issue
Report abuse New issue

[3.9] wireshark: Multiple vulnerabilities (CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625 CVE-2018-19626, CVE-2018-19627, CVE-2018-19628)

CVE-2018-19622: MMSE dissector infinite loop

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-54.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15250

CVE-2018-19623: LBMPDM dissector crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-53.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15132

CVE-2018-19624: PVFS dissector crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-56.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15280

CVE-2018-19625: Wireshark dissection engine crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-51.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=14466

CVE-2018-19626: DCOM dissector crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-52.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15130

CVE-2018-19627: IxVeriWave file parser crash.

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-55.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15279

CVE-2018-19628: ZigBee ZCL dissector crash

Affected versions: 2.6.0 to 2.6.4
Fixed versions: 2.6.5

References:

https://www.wireshark.org/security/wnpa-sec-2018-57.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15281

(from redmine: issue id 9763, created on 2018-12-12, closed on 2019-01-01)

  • Relations:
    • parent #9762 (closed)
  • Changesets:
    • Revision d0f7f9ff by Milan P. Stanić on 2019-01-01T08:48:05Z:
community/wireshark: security upgrade to 2.6.5

CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625
CVE-2018-19626, CVE-2018-19627, CVE-2018-19628

Fixes #9763

Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
3.9.0
Milestone
3.9.0 (Past due)
Assign milestone
Time tracking
None
Due date
None
3
Labels
Normal tag:security type:bug
Assign labels
  • View project labels
Reference: alpine/aports#9763