Gentoo FoundationMGASA-2018-0151Updated wireshark packages fix security vulnerabilities
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.006 Low
EPSS
Percentile
78.8%
The SIGCOMP dissector could crash (CVE-2018-7320). Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB, and WCCP dissectors were susceptible (CVE-2018-7321,CVE-2018-7322, CVE-2018-7323, CVE-2018-7324, CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328, CVE-2018-7329, CVE-2018-7330, CVE-2018-7331, CVE-2018-7332, CVE-2018-7333). The UMTS MAC dissector could crash (CVE-2018-7334). The IEEE 802.11 dissector could crash (CVE-2018-7335) The FCP dissector could crash (CVE-2018-7336). The IPMI dissector could crash (CVE-2018-7417). The SIGCOMP dissector could crash (CVE-2018-7418). The NBAP disssector could crash (CVE-2018-7419). The pcapng file parser could crash (CVE-2018-7420). The LWAPP dissector could crash (CVE-2018-9256). The MP4 dissector could crash (CVE-2018-9259). The IEEE 802.15.4 dissector could crash (CVE-2018-9260). The NBAP dissector could crash (CVE-2018-9261). The VLAN dissector could crash (CVE-2018-9262). The Kerberos dissector could crash (CVE-2018-9263). The ADB dissector could crash (CVE-2018-9264). Memory leaks in multiple dissectors (CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 6 | noarch | wireshark | < 2.2.14-1 | wireshark-2.2.14-1.mga6 |
References
bugs.mageia.org/show_bug.cgi?id=22643
lists.opensuse.org/opensuse-updates/2018-04/msg00015.html
www.wireshark.org/docs/relnotes/wireshark-2.2.13.html
www.wireshark.org/docs/relnotes/wireshark-2.2.14.html
www.wireshark.org/news/20180223.html
www.wireshark.org/news/20180403.html
www.wireshark.org/security/wnpa-sec-2018-05.html
www.wireshark.org/security/wnpa-sec-2018-06.html
www.wireshark.org/security/wnpa-sec-2018-07.html
www.wireshark.org/security/wnpa-sec-2018-09.html
www.wireshark.org/security/wnpa-sec-2018-10.html
www.wireshark.org/security/wnpa-sec-2018-11.html
www.wireshark.org/security/wnpa-sec-2018-12.html
www.wireshark.org/security/wnpa-sec-2018-13.html
www.wireshark.org/security/wnpa-sec-2018-14.html
www.wireshark.org/security/wnpa-sec-2018-15.html
www.wireshark.org/security/wnpa-sec-2018-16.html
www.wireshark.org/security/wnpa-sec-2018-17.html
www.wireshark.org/security/wnpa-sec-2018-18.html
www.wireshark.org/security/wnpa-sec-2018-19.html
www.wireshark.org/security/wnpa-sec-2018-20.html
www.wireshark.org/security/wnpa-sec-2018-23.html
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.006 Low
EPSS
Percentile
78.8%