[arch-security] [ASA-201608-20] wireshark-cli: denial of service
Arch Linux Security Advisory ASA-201608-20
==========================================

Severity: Low
Date    : 2016-08-27
CVE-ID  : CVE-2016-6505 CVE-2016-6506 CVE-2016-6508 CVE-2016-6509
          CVE-2016-6510 CVE-2016-6511 CVE-2016-6512 CVE-2016-6513
Package : wireshark-cli
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package wireshark-cli before version 2.0.5-1 is vulnerable to denial
of service.

Resolution
==========

Upgrade to 2.0.5-1.

# pacman -Syu "wireshark-cli>=2.0.5-1"

The problem has been fixed upstream in version 2.0.5.

Workaround
==========

None.

Description
===========

- CVE-2016-6505 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

- CVE-2016-6506 (denial of service)

It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

- CVE-2016-6508 (denial of service)

It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

- CVE-2016-6509 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

- CVE-2016-6510 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

- CVE-2016-6511 (denial of service)

It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

- CVE-2016-6512 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

- CVE-2016-6513 (denial of service)

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.

Impact
======

A remote attacker is able to crash or make wireshark consume excessive
CPU resources by injecting a malformed packet or convincing someone to
read a malformed packet trace.

References
==========

https://access.redhat.com/security/cve/CVE-2016-6505
https://access.redhat.com/security/cve/CVE-2016-6506
https://access.redhat.com/security/cve/CVE-2016-6508
https://access.redhat.com/security/cve/CVE-2016-6509
https://access.redhat.com/security/cve/CVE-2016-6510
https://access.redhat.com/security/cve/CVE-2016-6511
https://access.redhat.com/security/cve/CVE-2016-6512
https://access.redhat.com/security/cve/CVE-2016-6513
http://www.wireshark.org/security/wnpa-sec-2016-41.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94e97e45...
http://www.wireshark.org/security/wnpa-sec-2016-42.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a9d52568...
http://www.wireshark.org/security/wnpa-sec-2016-44.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6cf9616d...
http://www.wireshark.org/security/wnpa-sec-2016-45.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12662
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5a469ddc...
http://www.wireshark.org/security/wnpa-sec-2016-46.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12664
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47a5fa85...
http://www.wireshark.org/security/wnpa-sec-2016-47.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12659
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=56706427...
http://www.wireshark.org/security/wnpa-sec-2016-48.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12661
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2193bea3...
http://www.wireshark.org/security/wnpa-sec-2016-49.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=347f071f...
Christian Rebischke