[3.9] wireshark: Multiple vulnerabilities (CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625 CVE-2018-19626, CVE-2018-19627, CVE-2018-19628) (#9763) · Issues · alpine / aports

[3.9] wireshark: Multiple vulnerabilities (CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625 CVE-2018-19626, CVE-2018-19627, CVE-2018-19628)

CVE-2018-19622: MMSE dissector infinite loop

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-54.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15250

CVE-2018-19623: LBMPDM dissector crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-53.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15132

CVE-2018-19624: PVFS dissector crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-56.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15280

CVE-2018-19625: Wireshark dissection engine crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-51.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=14466

CVE-2018-19626: DCOM dissector crash

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-52.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15130

CVE-2018-19627: IxVeriWave file parser crash.

Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11

References:

https://www.wireshark.org/security/wnpa-sec-2018-55.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15279

CVE-2018-19628: ZigBee ZCL dissector crash

Affected versions: 2.6.0 to 2.6.4
Fixed versions: 2.6.5

References:

https://www.wireshark.org/security/wnpa-sec-2018-57.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15281

(from redmine: issue id 9763, created on 2018-12-12, closed on 2019-01-01)

Relations:
- parent #9762 (closed)
Changesets:
- Revision d0f7f9ff by Milan P. Stanić on 2019-01-01T08:48:05Z:

community/wireshark: security upgrade to 2.6.5

CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625
CVE-2018-19626, CVE-2018-19627, CVE-2018-19628

Fixes #9763

Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information