Gentoo FoundationMGASA-2018-0151Updated wireshark packages fix security vulnerabilities
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.006 Low
EPSS
Percentile
79.2%
The SIGCOMP dissector could crash (CVE-2018-7320). Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB, and WCCP dissectors were susceptible (CVE-2018-7321,CVE-2018-7322, CVE-2018-7323, CVE-2018-7324, CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328, CVE-2018-7329, CVE-2018-7330, CVE-2018-7331, CVE-2018-7332, CVE-2018-7333). The UMTS MAC dissector could crash (CVE-2018-7334). The IEEE 802.11 dissector could crash (CVE-2018-7335) The FCP dissector could crash (CVE-2018-7336). The IPMI dissector could crash (CVE-2018-7417). The SIGCOMP dissector could crash (CVE-2018-7418). The NBAP disssector could crash (CVE-2018-7419). The pcapng file parser could crash (CVE-2018-7420). The LWAPP dissector could crash (CVE-2018-9256). The MP4 dissector could crash (CVE-2018-9259). The IEEE 802.15.4 dissector could crash (CVE-2018-9260). The NBAP dissector could crash (CVE-2018-9261). The VLAN dissector could crash (CVE-2018-9262). The Kerberos dissector could crash (CVE-2018-9263). The ADB dissector could crash (CVE-2018-9264). Memory leaks in multiple dissectors (CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 6 | noarch | wireshark | < 2.2.14-1 | wireshark-2.2.14-1.mga6 |
References
bugs.mageia.org/show_bug.cgi?id=22643
lists.opensuse.org/opensuse-updates/2018-04/msg00015.html
www.wireshark.org/docs/relnotes/wireshark-2.2.13.html
www.wireshark.org/docs/relnotes/wireshark-2.2.14.html
www.wireshark.org/news/20180223.html
www.wireshark.org/news/20180403.html
www.wireshark.org/security/wnpa-sec-2018-05.html
www.wireshark.org/security/wnpa-sec-2018-06.html
www.wireshark.org/security/wnpa-sec-2018-07.html
www.wireshark.org/security/wnpa-sec-2018-09.html
www.wireshark.org/security/wnpa-sec-2018-10.html
www.wireshark.org/security/wnpa-sec-2018-11.html
www.wireshark.org/security/wnpa-sec-2018-12.html
www.wireshark.org/security/wnpa-sec-2018-13.html
www.wireshark.org/security/wnpa-sec-2018-14.html
www.wireshark.org/security/wnpa-sec-2018-15.html
www.wireshark.org/security/wnpa-sec-2018-16.html
www.wireshark.org/security/wnpa-sec-2018-17.html
www.wireshark.org/security/wnpa-sec-2018-18.html
www.wireshark.org/security/wnpa-sec-2018-19.html
www.wireshark.org/security/wnpa-sec-2018-20.html
www.wireshark.org/security/wnpa-sec-2018-23.html
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.006 Low
EPSS
Percentile
79.2%