wireshark - security update


Multiple security vulnerabilities have been discovered in Wireshark, a network traffic analyzer. An attacker could cause a denial of service (infinite loop or application crash) via packet injection or a crafted capture file. Improper URL handling in Wireshark could also allow remote code execution. A double-click will no longer automatically open the URL in pcap(ng) files and instead copy it to the clipboard where it can be inspected and pasted to the browser's address bar. For Debian 9 stretch, these problems have been fixed in version 2.6.20-0+deb9u3. We recommend that you upgrade your wireshark packages. For the detailed security status of wireshark please refer to its security tracker page at: <https://security-tracker.debian.org/tracker/wireshark> Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: <https://wiki.debian.org/LTS>

Affected Software

CPE Name Name Version
wireshark 2.2.6+g32dac6a-2+deb9u3
wireshark 2.4.1-1
wireshark 2.4.5-1
wireshark 2.4.2-1
wireshark 2.6.4-2
wireshark 2.6.6-1
wireshark 2.6.7-1
wireshark 2.6.10-1
wireshark 2.6.2-1
wireshark 2.6.9-1
wireshark 2.2.6+g32dac6a-2
wireshark 2.2.6+g32dac6a-2+deb9u2
wireshark 2.4.0-1
wireshark 2.6.8-1
wireshark 2.6.5-1
wireshark 2.6.20-0+deb9u1
wireshark 2.2.6+g32dac6a-2+deb9u1
wireshark 2.6.20-0+deb9u2
wireshark 2.6.7-1~deb9u1
wireshark 2.6.2-2
wireshark 2.6.8-1.1
wireshark 2.6.4-1
wireshark 2.6.1-1
wireshark 2.6.3-1
wireshark 2.2.7-1
wireshark 2.6.8-1.1~deb9u1
wireshark 2.6.3-1~deb9u1
wireshark 2.4.3-1
wireshark 2.4.6-1
wireshark 2.4.4-1
wireshark 2.6.5-1~deb9u1