[SECURITY] [DSA 2871-1] wireshark security update

2014-03-1014:50:39

lists.debian.org

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.952 High

EPSS

Percentile

99.3%

JSON

Debian Security Advisory DSA-2871-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
March 10, 2014 http://www.debian.org/security/faq

Package : wireshark
CVE ID : CVE-2014-2281 CVE-2014-2283 CVE-2014-2299

Multiple vulnerabilities were discovered in Wireshark:

CVE-2014-2281

Moshe Kaplan discovered that the NFS dissector could be crashed,
resulting in denial of service.

CVE-2014-2283

It was discovered that the RLC dissector could be crashed, resulting 
in denial of service.

CVE-2014-2299

Wesley Neelen discovered a buffer overflow in the MPEG file parser,
which could lead to the execution of arbitrary code.

For the oldstable distribution (squeeze), these problems have been fixed in
version 1.2.11-6+squeeze14.

For the stable distribution (wheezy), these problems have been fixed in
version 1.8.2-5wheezy10.

For the unstable distribution (sid), these problems have been fixed in
version 1.10.6-1.

We recommend that you upgrade your wireshark packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7s390libwireshark2< 1.8.2-5wheezy10libwireshark2_1.8.2-5wheezy10_s390.deb
Debian6kfreebsd-amd64wireshark-common< 1.2.11-6+squeeze14wireshark-common_1.2.11-6+squeeze14_kfreebsd-amd64.deb
Debian7armhfwireshark-dev< 1.8.2-5wheezy10wireshark-dev_1.8.2-5wheezy10_armhf.deb
Debian7s390xlibwireshark2< 1.8.2-5wheezy10libwireshark2_1.8.2-5wheezy10_s390x.deb
Debian6mipselwireshark-dev< 1.2.11-6+squeeze14wireshark-dev_1.2.11-6+squeeze14_mipsel.deb
Debian6kfreebsd-i386wireshark-dbg< 1.2.11-6+squeeze14wireshark-dbg_1.2.11-6+squeeze14_kfreebsd-i386.deb
Debian7powerpclibwiretap-dev< 1.8.2-5wheezy10libwiretap-dev_1.8.2-5wheezy10_powerpc.deb
Debian6amd64wireshark-dev< 1.2.11-6+squeeze14wireshark-dev_1.2.11-6+squeeze14_amd64.deb
Debian7kfreebsd-amd64libwsutil-dev< 1.8.2-5wheezy10libwsutil-dev_1.8.2-5wheezy10_kfreebsd-amd64.deb
Debian7armelwireshark-common< 1.8.2-5wheezy10wireshark-common_1.8.2-5wheezy10_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	s390	libwireshark2	< 1.8.2-5wheezy10	libwireshark2_1.8.2-5wheezy10_s390.deb
Debian	6	kfreebsd-amd64	wireshark-common	< 1.2.11-6+squeeze14	wireshark-common_1.2.11-6+squeeze14_kfreebsd-amd64.deb
Debian	7	armhf	wireshark-dev	< 1.8.2-5wheezy10	wireshark-dev_1.8.2-5wheezy10_armhf.deb
Debian	7	s390x	libwireshark2	< 1.8.2-5wheezy10	libwireshark2_1.8.2-5wheezy10_s390x.deb
Debian	6	mipsel	wireshark-dev	< 1.2.11-6+squeeze14	wireshark-dev_1.2.11-6+squeeze14_mipsel.deb
Debian	6	kfreebsd-i386	wireshark-dbg	< 1.2.11-6+squeeze14	wireshark-dbg_1.2.11-6+squeeze14_kfreebsd-i386.deb
Debian	7	powerpc	libwiretap-dev	< 1.8.2-5wheezy10	libwiretap-dev_1.8.2-5wheezy10_powerpc.deb
Debian	6	amd64	wireshark-dev	< 1.2.11-6+squeeze14	wireshark-dev_1.2.11-6+squeeze14_amd64.deb
Debian	7	kfreebsd-amd64	libwsutil-dev	< 1.8.2-5wheezy10	libwsutil-dev_1.8.2-5wheezy10_kfreebsd-amd64.deb
Debian	7	armel	wireshark-common	< 1.8.2-5wheezy10	wireshark-common_1.8.2-5wheezy10_armel.deb