Subject: [ASA-201805-23] wireshark-qt: multiple issues Arch Linux Security Advisory ASA-201805-23 ========================================== Severity: Critical Date : 2018-05-25 CVE-ID : CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 Package : wireshark-qt Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-708 Summary ======= The package wireshark-qt before version 2.6.1-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. Resolution ========== Upgrade to 2.6.1-1. # pacman -Syu "wireshark-qt>=2.6.1-1" The problems have been fixed upstream in version 2.6.1. Workaround ========== None. Description =========== - CVE-2018-11354 (information disclosure) An out-of-bounds read has been found in the IEEE 1905.1a dissector of Wireshark <= 2.6.0. - CVE-2018-11355 (arbitrary code execution) A heap-based buffer overflow has been found in the RTCP dissector of Wireshark <= 2.6.0. - CVE-2018-11356 (denial of service) A null-pointer dereference has been found in the DNS dissector of Wireshark <= 2.6.0. - CVE-2018-11357 (denial of service) An integer overflow leading to excessive memory allocation has been found in several dissectors of Wireshark <= 2.6.0. - CVE-2018-11358 (arbitrary code execution) A heap-based use-after-free has been found in the Q.931 dissector of Wireshark <= 2.6.0. - CVE-2018-11359 (denial of service) A null-pointer dereference has been found in several dissectors of Wireshark <= 2.6.0. - CVE-2018-11360 (arbitrary code execution) A heap-based off-by-one write has been found in the GSM A DTAP dissector of Wireshark <= 2.6.0. - CVE-2018-11361 (denial of service) A heap-based out-of-bounds read has been found in the IEEE 802.11 dissector of Wireshark <= 2.6.0. - CVE-2018-11362 (information disclosure) An out-of-bounds read has been found in the LDSS dissector of Wireshark <= 2.6.0. Impact ====== A remote attacker can crash the application, access sensitive information present in memory or execute arbitrary code on the affected host via a specially crafted network packet or by convincing a local user to open a specially crafted PCAP file. References ========== https://www.wireshark.org/security/wnpa-sec-2018-26.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14647 https://www.wireshark.org/security/wnpa-sec-2018-27.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14673 https://www.wireshark.org/security/wnpa-sec-2018-29.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681 https://www.wireshark.org/security/wnpa-sec-2018-28.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14678 https://www.wireshark.org/security/wnpa-sec-2018-31.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14689 https://www.wireshark.org/security/wnpa-sec-2018-33.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703 https://www.wireshark.org/security/wnpa-sec-2018-30.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688 https://www.wireshark.org/security/wnpa-sec-2018-32.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686 https://www.wireshark.org/security/wnpa-sec-2018-25.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615 https://security.archlinux.org/CVE-2018-11354 https://security.archlinux.org/CVE-2018-11355 https://security.archlinux.org/CVE-2018-11356 https://security.archlinux.org/CVE-2018-11357 https://security.archlinux.org/CVE-2018-11358 https://security.archlinux.org/CVE-2018-11359 https://security.archlinux.org/CVE-2018-11360 https://security.archlinux.org/CVE-2018-11361 https://security.archlinux.org/CVE-2018-11362