Arch Linux update for wireshark-cli

Published: 2019-01-10 14:55:45
Severity Low
Patch available YES
Number of vulnerabilities 4
CVE ID CVE-2019-5716
CVE-2019-5717
CVE-2019-5718
CVE-2019-5719
CVSSv3 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software Arch Linux
Vulnerable software versions Arch Linux -
Vendor URL Arch Linux

Security Advisory

1) Input validation error

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the 6LoWPAN dissector to crash.

Remediation

Update the affected package wireshark-cli to version 2.6.6-1.

External links

https://security.archlinux.org/advisory/ASA-201901-5

2) Input validation error

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the P_MUL dissector to crash.

Remediation

Update the affected package wireshark-cli to version 2.6.6-1.

External links

https://security.archlinux.org/advisory/ASA-201901-5

3) Input validation error

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the RTSE dissector and other ASN.1 dissectors to crash.

Remediation

Update the affected package wireshark-cli to version 2.6.6-1.

External links

https://security.archlinux.org/advisory/ASA-201901-5

4) Input validation error

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the ISAKMP dissector to crash.

Remediation

Update the affected package wireshark-cli to version 2.6.6-1.

External links

https://security.archlinux.org/advisory/ASA-201901-5

Back to List