[3.9] wireshark: Multiple vulnerabilities (CVE-2019-10894, CVE-2019-10895, CVE-2019-10896, CVE-2019-10899, CVE-2019-10901, CVE-2019-10903)
CVE-2019-10894: GSS-API dissector crash
Affected versions: 3.0.0, 2.6.0 to 2.6.7, 2.4.0 to 2.4.13
Fixed versions: 3.0.1, 2.6.8, 2.4.14
References:
https://www.wireshark.org/security/wnpa-sec-2019-14.html
CVE-2019-10895: NetScaler file parser crash
Affected versions: 3.0.0, 2.6.0 to 2.6.7, 2.4.0 to 2.4.13
Fixed versions: 3.0.1, 2.6.8, 2.4.14
References:
https://www.wireshark.org/security/wnpa-sec-2019-09.html
CVE-2019-10896: DOF dissector crash
Affected versions: 3.0.0, 2.6.0 to 2.6.7, 2.4.0 to 2.4.13
Fixed versions: 3.0.1, 2.6.8, 2.4.14
References:
https://www.wireshark.org/security/wnpa-sec-2019-15.html
CVE-2019-10899: SRVLOC dissector crash
Affected versions: 3.0.0, 2.6.0 to 2.6.7, 2.4.0 to 2.4.13
Fixed versions: 3.0.1, 2.6.8, 2.4.14
References:
https://www.wireshark.org/security/wnpa-sec-2019-10.html
CVE-2019-10901: LDSS dissector crash
Affected versions: 3.0.0, 2.6.0 to 2.6.7, 2.4.0 to 2.4.13
Fixed versions: 3.0.1, 2.6.8, 2.4.14
References:
https://www.wireshark.org/security/wnpa-sec-2019-17.html
CVE-2019-10903: DCERPC SPOOLSS dissector crash
Affected versions: 3.0.0, 2.6.0 to 2.6.7, 2.4.0 to 2.4.13
Fixed versions: 3.0.1, 2.6.8, 2.4.14
References:
https://www.wireshark.org/security/wnpa-sec-2019-18.html
(from redmine: issue id 10322, created on 2019-04-24, closed on 2019-05-01)
- Changesets:
- Revision ef58f692 on 2019-04-29T12:18:20Z:
community/wireshark: security upgrade to 2.6.8
CVE-2019-10894, CVE-2019-10895, CVE-2019-10896, CVE-2019-10899, CVE-2019-10901, CVE-2019-10903
Fixes #10322