
Medium: wireshark

Description

**Issue Overview:**

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. (CVE-2018-16057)

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. (CVE-2018-19622)

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. (CVE-2018-14368)

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. (CVE-2018-14340)

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. (CVE-2018-14341)

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. (CVE-2018-11362)

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. (CVE-2018-7418)

**Affected Packages:**

wireshark

**Issue Correction:**

Run _yum update wireshark_ to update your system.
**New Packages:**

- aarch64:
  - wireshark-1.10.14-24.amzn2.aarch64
  - wireshark-gnome-1.10.14-24.amzn2.aarch64
  - wireshark-devel-1.10.14-24.amzn2.aarch64
  - wireshark-debuginfo-1.10.14-24.amzn2.aarch64
- i686:
  - wireshark-1.10.14-24.amzn2.i686
  - wireshark-gnome-1.10.14-24.amzn2.i686
  - wireshark-devel-1.10.14-24.amzn2.i686
  - wireshark-debuginfo-1.10.14-24.amzn2.i686
- src:
  - wireshark-1.10.14-24.amzn2.src
- x86_64:
  - wireshark-1.10.14-24.amzn2.x86_64
  - wireshark-gnome-1.10.14-24.amzn2.x86_64
  - wireshark-devel-1.10.14-24.amzn2.x86_64
  - wireshark-debuginfo-1.10.14-24.amzn2.x86_64

### Additional References

Red Hat: [CVE-2018-11362](<https://access.redhat.com/security/cve/CVE-2018-11362>), [CVE-2018-14340](<https://access.redhat.com/security/cve/CVE-2018-14340>), [CVE-2018-14341](<https://access.redhat.com/security/cve/CVE-2018-14341>), [CVE-2018-14368](<https://access.redhat.com/security/cve/CVE-2018-14368>), [CVE-2018-16057](<https://access.redhat.com/security/cve/CVE-2018-16057>), [CVE-2018-19622](<https://access.redhat.com/security/cve/CVE-2018-19622>), [CVE-2018-7418](<https://access.redhat.com/security/cve/CVE-2018-7418>)

Mitre: [CVE-2018-11362](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11362>), [CVE-2018-14340](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14340>), [CVE-2018-14341](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14341>), [CVE-2018-14368](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14368>), [CVE-2018-16057](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16057>), [CVE-2018-19622](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19622>), [CVE-2018-7418](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7418>)


Affected Package


| OS | OS Version | Package Name | Package Version |
| --- | --- | --- | --- |
| Amazon Linux | 2 | wireshark | 1.10.14-24.amzn2 |
| Amazon Linux | 2 | wireshark-gnome | 1.10.14-24.amzn2 |
| Amazon Linux | 2 | wireshark-devel | 1.10.14-24.amzn2 |
| Amazon Linux | 2 | wireshark-debuginfo | 1.10.14-24.amzn2 |
| Amazon Linux | 2 | wireshark | 1.10.14-24.amzn2 |
| Amazon Linux | 2 | wireshark-gnome | 1.10.14-24.amzn2 |
| Amazon Linux | 2 | wireshark-devel | 1.10.14-24.amzn2 |
| Amazon Linux | 2 | wireshark-debuginfo | 1.10.14-24.amzn2 |
| Amazon Linux | 2 | wireshark | 1.10.14-24.amzn2 |
| Amazon Linux | 2 | wireshark | 1.10.14-24.amzn2 |
| Amazon Linux | 2 | wireshark-gnome | 1.10.14-24.amzn2 |
| Amazon Linux | 2 | wireshark-devel | 1.10.14-24.amzn2 |
| Amazon Linux | 2 | wireshark-debuginfo | 1.10.14-24.amzn2 |
