Lucene search

DebianDEBIAN:DLA-3443-1:E6A7C

HistoryJun 03, 2023 - 4:29 p.m.

[SECURITY] [DLA 3443-1] wireshark security update

2023-06-0316:29:18

lists.debian.org

cve-2023-2858

cve-2023-2952

cve-2023-2879

debian

network traffic analyzer

debian lts

security update

wireshark

cve-2023-2856

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.2%

JSON

Debian LTS Advisory DLA-3443-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
June 03, 2023 https://wiki.debian.org/LTS

Package : wireshark
Version : 2.6.20-0+deb10u7
CVE ID : CVE-2023-2856 CVE-2023-2858 CVE-2023-2879 CVE-2023-2952

Several vulnerabilities were fixed in the network traffic analyzer Wireshark.

CVE-2023-2856

VMS TCPIPtrace file parser crash

CVE-2023-2858

NetScaler file parser crash

CVE-2023-2879

GDSDB infinite loop

CVE-2023-2952

XRA dissector infinite loop

For Debian 10 buster, these problems have been fixed in version
2.6.20-0+deb10u7.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian12s390xlibwsutil14< 4.0.6-1~deb12u1libwsutil14_4.0.6-1~deb12u1_s390x.deb
Debian12mipselwireshark< 4.0.6-1~deb12u1wireshark_4.0.6-1~deb12u1_mipsel.deb
Debian12armellibwireshark16< 4.0.6-1~deb12u1libwireshark16_4.0.6-1~deb12u1_armel.deb
Debian10allwireshark< 2.6.20-0+deb10u7wireshark_2.6.20-0+deb10u7_all.deb
Debian12arm64libwireshark-dev< 4.0.6-1~deb12u1libwireshark-dev_4.0.6-1~deb12u1_arm64.deb
Debian12armhfwireshark< 4.0.6-1~deb12u1wireshark_4.0.6-1~deb12u1_armhf.deb
Debian10i386wireshark< 2.6.20-0+deb10u7wireshark_2.6.20-0+deb10u7_i386.deb
Debian12s390xwireshark-common-dbgsym< 4.0.6-1~deb12u1wireshark-common-dbgsym_4.0.6-1~deb12u1_s390x.deb
Debian10i386libwireshark-dev< 2.6.20-0+deb10u7libwireshark-dev_2.6.20-0+deb10u7_i386.deb
Debian12armhflibwireshark16-dbgsym< 4.0.6-1~deb12u1libwireshark16-dbgsym_4.0.6-1~deb12u1_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	s390x	libwsutil14	< 4.0.6-1~deb12u1	libwsutil14_4.0.6-1~deb12u1_s390x.deb
Debian	12	mipsel	wireshark	< 4.0.6-1~deb12u1	wireshark_4.0.6-1~deb12u1_mipsel.deb
Debian	12	armel	libwireshark16	< 4.0.6-1~deb12u1	libwireshark16_4.0.6-1~deb12u1_armel.deb
Debian	10	all	wireshark	< 2.6.20-0+deb10u7	wireshark_2.6.20-0+deb10u7_all.deb
Debian	12	arm64	libwireshark-dev	< 4.0.6-1~deb12u1	libwireshark-dev_4.0.6-1~deb12u1_arm64.deb
Debian	12	armhf	wireshark	< 4.0.6-1~deb12u1	wireshark_4.0.6-1~deb12u1_armhf.deb
Debian	10	i386	wireshark	< 2.6.20-0+deb10u7	wireshark_2.6.20-0+deb10u7_i386.deb
Debian	12	s390x	wireshark-common-dbgsym	< 4.0.6-1~deb12u1	wireshark-common-dbgsym_4.0.6-1~deb12u1_s390x.deb
Debian	10	i386	libwireshark-dev	< 2.6.20-0+deb10u7	libwireshark-dev_2.6.20-0+deb10u7_i386.deb
Debian	12	armhf	libwireshark16-dbgsym	< 4.0.6-1~deb12u1	libwireshark16-dbgsym_4.0.6-1~deb12u1_armhf.deb