wireshark-1.10.14-24.el7

Errata ID: AXSA:2020-4562:01

Release date: Thursday, April 2, 2020 - 08:06
Subject: wireshark-1.10.14-24.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network.

Security Fix(es):

* wireshark: Out-of-bounds read in packet-ldss.c (CVE-2018-11362)

* wireshark: Multiple dissectors could crash (wnpa-sec-2018-36) (CVE-2018-14340)

* wireshark: DICOM dissector infinite loop (wnpa-sec-2018-39) (CVE-2018-14341)

* wireshark: Bazaar dissector infinite loop (wnpa-sec-2018-40) (CVE-2018-14368)

* wireshark: SIGCOMP dissector crash in packet-sigcomp.c (CVE-2018-7418)

* wireshark: Radiotap dissector crash (CVE-2018-16057)

* wireshark: Infinite loop in the MMSE dissector (CVE-2018-19622)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.

CVE-2018-11362
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
CVE-2018-14340
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
CVE-2018-14341
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
CVE-2018-14368
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.
CVE-2018-16057
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.
CVE-2018-19622
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.
CVE-2018-7418
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. wireshark-1.10.14-24.el7.src.rpm
    MD5: 95d8276660357409c4673e87cf575b64
    SHA-256: eeac8ae4861c3b56771c2a310811b19284acba53c61c24f970d7322c8b8ce18f
    Size: 25.72 MB

Asianux Server 7 for x86_64
  1. wireshark-1.10.14-24.el7.x86_64.rpm
    MD5: 7789c903c84624b235ddd104b2def106
    SHA-256: 9a7ad4a0ed3d5dd82c814a0b13f177db623ca989d3312fc8a2710212f0551137
    Size: 12.51 MB
  2. wireshark-gnome-1.10.14-24.el7.x86_64.rpm
    MD5: a31cec168ecbef91a57ec548039d157e
    SHA-256: 6691a830fe44207b53b0a3c312fc1e42d8ce3912741c797af6837374fadbf0d5
    Size: 910.93 kB
  3. wireshark-1.10.14-24.el7.i686.rpm
    MD5: bea31de323a09957476d485da4aa65e5
    SHA-256: 2bd5e4aab4e021ecc4424efe1ad2358459cf1767a042df530c3edb24cc5a227e
    Size: 10.83 MB