[SECURITY] [DLA 826-1] wireshark security update

2017-02-1723:03:37

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.003 Low

EPSS

Percentile

69.4%

JSON

Package : wireshark
Version : 1.12.1+g01b65bf-4+deb8u6~deb7u6
CVE ID : CVE-2017-6014
Debian Bug : 855408

It was discovered that there was denial of service vulnerability in wireshark,
a network traffic analyzer.

A malformed NATO Ground Moving Target Indicator Format ("STANAG 4607") capture
file could cause a memory exhausion/infinite loop.

For Debian 7 "Wheezy", this issue has been fixed in wireshark version
1.12.1+g01b65bf-4+deb8u6~deb7u6.

We recommend that you upgrade your wireshark packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian8arm64libwsutil4< 1.12.1+g01b65bf-4+deb8u11libwsutil4_1.12.1+g01b65bf-4+deb8u11_arm64.deb
Debian8kfreebsd-i386libwireshark5< 1.12.1+g01b65bf-4+deb8u11libwireshark5_1.12.1+g01b65bf-4+deb8u11_kfreebsd-i386.deb
Debian7armellibwireshark5< 1.12.1+g01b65bf-4+deb8u6~deb7u6libwireshark5_1.12.1+g01b65bf-4+deb8u6~deb7u6_armel.deb
Debian7amd64wireshark< 1.12.1+g01b65bf-4+deb8u6~deb7u6wireshark_1.12.1+g01b65bf-4+deb8u6~deb7u6_amd64.deb
Debian7armellibwiretap-dev< 1.12.1+g01b65bf-4+deb8u6~deb7u6libwiretap-dev_1.12.1+g01b65bf-4+deb8u6~deb7u6_armel.deb
Debian7armellibwsutil4< 1.12.1+g01b65bf-4+deb8u6~deb7u6libwsutil4_1.12.1+g01b65bf-4+deb8u6~deb7u6_armel.deb
Debian8powerpclibwsutil4< 1.12.1+g01b65bf-4+deb8u11libwsutil4_1.12.1+g01b65bf-4+deb8u11_powerpc.deb
Debian8ppc64ellibwsutil-dev< 1.12.1+g01b65bf-4+deb8u11libwsutil-dev_1.12.1+g01b65bf-4+deb8u11_ppc64el.deb
Debian8kfreebsd-i386wireshark-dbg< 1.12.1+g01b65bf-4+deb8u11wireshark-dbg_1.12.1+g01b65bf-4+deb8u11_kfreebsd-i386.deb
Debian8kfreebsd-amd64wireshark< 1.12.1+g01b65bf-4+deb8u11wireshark_1.12.1+g01b65bf-4+deb8u11_kfreebsd-amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	arm64	libwsutil4	< 1.12.1+g01b65bf-4+deb8u11	libwsutil4_1.12.1+g01b65bf-4+deb8u11_arm64.deb
Debian	8	kfreebsd-i386	libwireshark5	< 1.12.1+g01b65bf-4+deb8u11	libwireshark5_1.12.1+g01b65bf-4+deb8u11_kfreebsd-i386.deb
Debian	7	armel	libwireshark5	< 1.12.1+g01b65bf-4+deb8u6~deb7u6	libwireshark5_1.12.1+g01b65bf-4+deb8u6~deb7u6_armel.deb
Debian	7	amd64	wireshark	< 1.12.1+g01b65bf-4+deb8u6~deb7u6	wireshark_1.12.1+g01b65bf-4+deb8u6~deb7u6_amd64.deb
Debian	7	armel	libwiretap-dev	< 1.12.1+g01b65bf-4+deb8u6~deb7u6	libwiretap-dev_1.12.1+g01b65bf-4+deb8u6~deb7u6_armel.deb
Debian	7	armel	libwsutil4	< 1.12.1+g01b65bf-4+deb8u6~deb7u6	libwsutil4_1.12.1+g01b65bf-4+deb8u6~deb7u6_armel.deb
Debian	8	powerpc	libwsutil4	< 1.12.1+g01b65bf-4+deb8u11	libwsutil4_1.12.1+g01b65bf-4+deb8u11_powerpc.deb
Debian	8	ppc64el	libwsutil-dev	< 1.12.1+g01b65bf-4+deb8u11	libwsutil-dev_1.12.1+g01b65bf-4+deb8u11_ppc64el.deb
Debian	8	kfreebsd-i386	wireshark-dbg	< 1.12.1+g01b65bf-4+deb8u11	wireshark-dbg_1.12.1+g01b65bf-4+deb8u11_kfreebsd-i386.deb
Debian	8	kfreebsd-amd64	wireshark	< 1.12.1+g01b65bf-4+deb8u11	wireshark_1.12.1+g01b65bf-4+deb8u11_kfreebsd-amd64.deb