DebianDEBIAN:DLA-2547-1:C57F2[SECURITY] [DLA 2547-1] wireshark security update
6.5 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
42.2%
Debian LTS Advisory DLA-2547-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
February 06, 2021 https://wiki.debian.org/LTS
Package : wireshark
Version : 2.6.20-0+deb9u1
CVE ID : CVE-2019-13619 CVE-2019-16319 CVE-2019-19553 CVE-2020-7045
CVE-2020-9428 CVE-2020-9430 CVE-2020-9431 CVE-2020-11647
CVE-2020-13164 CVE-2020-15466 CVE-2020-25862 CVE-2020-25863
CVE-2020-26418 CVE-2020-26421 CVE-2020-26575 CVE-2020-28030
Debian Bug : 958213 974688 974689
Several vulnerabilities were fixed in Wireshark, a network sniffer.
CVE-2019-13619
ASN.1 BER and related dissectors crash.
CVE-2019-16319
The Gryphon dissector could go into an infinite loop.
CVE-2019-19553
The CMS dissector could crash.
CVE-2020-7045
The BT ATT dissector could crash.
CVE-2020-9428
The EAP dissector could crash.
CVE-2020-9430
The WiMax DLMAP dissector could crash.
CVE-2020-9431
The LTE RRC dissector could leak memory.
CVE-2020-11647
The BACapp dissector could crash.
CVE-2020-13164
The NFS dissector could crash.
CVE-2020-15466
The GVCP dissector could go into an infinite loop.
CVE-2020-25862
The TCP dissector could crash.
CVE-2020-25863
The MIME Multipart dissector could crash.
CVE-2020-26418
Memory leak in the Kafka protocol dissector.
CVE-2020-26421
Crash in USB HID protocol dissector.
CVE-2020-26575
The Facebook Zero Protocol (aka FBZERO) dissector
could enter an infinite loop.
CVE-2020-28030
The GQUIC dissector could crash.
For Debian 9 stretch, these problems have been fixed in version
2.6.20-0+deb9u1.
We recommend that you upgrade your wireshark packages.
For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | arm64 | tshark | < 2.6.20-0+deb9u1 | tshark_2.6.20-0+deb9u1_arm64.deb |
| Debian | 10 | mips64el | wireshark-gtk-dbgsym | < 2.6.20-0+deb10u1 | wireshark-gtk-dbgsym_2.6.20-0+deb10u1_mips64el.deb |
| Debian | 10 | arm64 | libwsutil9 | < 2.6.20-0+deb10u1 | libwsutil9_2.6.20-0+deb10u1_arm64.deb |
| Debian | 10 | mipsel | libwsutil9 | < 2.6.20-0+deb10u1 | libwsutil9_2.6.20-0+deb10u1_mipsel.deb |
| Debian | 10 | mips64el | libwscodecs2 | < 2.6.20-0+deb10u1 | libwscodecs2_2.6.20-0+deb10u1_mips64el.deb |
| Debian | 10 | amd64 | libwsutil-dev | < 2.6.20-0+deb10u1 | libwsutil-dev_2.6.20-0+deb10u1_amd64.deb |
| Debian | 10 | ppc64el | wireshark-common-dbgsym | < 2.6.20-0+deb10u1 | wireshark-common-dbgsym_2.6.20-0+deb10u1_ppc64el.deb |
| Debian | 10 | mips64el | libwiretap8-dbgsym | < 2.6.20-0+deb10u1 | libwiretap8-dbgsym_2.6.20-0+deb10u1_mips64el.deb |
| Debian | 9 | i386 | libwsutil9 | < 2.6.20-0+deb9u1 | libwsutil9_2.6.20-0+deb9u1_i386.deb |
| Debian | 9 | amd64 | tshark | < 2.6.20-0+deb9u1 | tshark_2.6.20-0+deb9u1_amd64.deb |
Related
6.5 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
42.2%