ASA-202004-10 log generated external raw

[ASA-202004-10] wireshark-cli: arbitrary code execution
Arch Linux Security Advisory ASA-202004-10 ========================================== Severity: Critical Date : 2020-04-09 CVE-ID : CVE-2020-11647 Package : wireshark-cli Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1129 Summary ======= The package wireshark-cli before version 3.2.3-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 3.2.3-1. # pacman -Syu "wireshark-cli>=3.2.3-1" The problem has been fixed upstream in version 3.2.3. Workaround ========== None. Description =========== A stack overflow has been found in the fAbstractSyntaxNType function of the BACApp dissector of Wireshark versions prior to 3.2.3, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Impact ====== A remote attacker might be able to execute arbitrary code or crash wireshark via a crafted network packet or a capture file. References ========== https://www.wireshark.org/security/wnpa-sec-2020-07 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474 https://security.archlinux.org/CVE-2020-11647

[ASA-202004-10] wireshark-cli: arbitrary code execution

Arch Linux Security Advisory ASA-202004-10 ========================================== Severity: Critical Date : 2020-04-09 CVE-ID : CVE-2020-11647 Package : wireshark-cli Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1129 Summary ======= The package wireshark-cli before version 3.2.3-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 3.2.3-1. # pacman -Syu "wireshark-cli>=3.2.3-1" The problem has been fixed upstream in version 3.2.3. Workaround ========== None. Description =========== A stack overflow has been found in the fAbstractSyntaxNType function of the BACApp dissector of Wireshark versions prior to 3.2.3, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Impact ====== A remote attacker might be able to execute arbitrary code or crash wireshark via a crafted network packet or a capture file. References ========== https://www.wireshark.org/security/wnpa-sec-2020-07 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474 https://security.archlinux.org/CVE-2020-11647