ELA-118-1 wireshark security update

heap based out of bounds read and write issues

2019-05-21
Packagewireshark
Version1.12.1+g01b65bf-4+deb8u6~deb7u17
Related CVEs CVE-2019-10894 CVE-2019-10895

Several vulnerabilities have been found in wireshark, a network traffic analyzer.

CVE-2019-10894: assertion failure leading to crash.

CVE-2019-10895: large number of heap buffer overflows read and write in NetScaler trace handling.

These vulnerabilities might be leveraged by remote attackers to cause denial of service (DoS) via a crafted packet or PCAP file.

For Debian 7 Wheezy, these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u6~deb7u17.

We recommend that you upgrade your wireshark packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/