Wireshark Security Update for Debian 7 Extended LTS
Posted on: 04/15/2019 07:14 AM

Updated wireshark packages has been released for Debian GNU/Linux 7 Extended LTS

Wireshark Security Update for Debian 7 Extended LTS

Package: wireshark
Version: 1.12.1+g01b65bf-4+deb8u6~deb7u16
Related CVE: CVE-2019-10899 CVE-2019-10901 CVE-2019-10903
Several vulnerabilities have been found in wireshark, a network traffic analyzer.

CVE-2019-10899: heap based buffer under-read in the SRVLOC dissector.

CVE-2019-10901: NULL pointer dereference in the LDSS dissector.

CVE-2019-10903: missing boundary checks causing Resource Management Errors in the DCERPC SPOOLSS dissector.

These vulnerabilities might be leveraged by remote attackers to cause denial of service (DoS) via a crafted packet or PCAP file.

For Debian 7 Wheezy, these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u6~deb7u16.

We recommend that you upgrade your wireshark packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

Printed from Linux Compatible (https://www.linuxcompatible.org/news/story/wireshark_security_update_for_debian_7_extended_lts_385d.html)