SB2019040938 - Fedora 30 update for wireshark 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019040938

SB2019040938 - Fedora 30 update for wireshark

Published: April 9, 2019 Updated: April 24, 2025

Security Bulletin ID SB2019040938
Severity
Medium
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Resource management error (CVE-ID: CVE-2019-10894)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.


2) Input validation error (CVE-ID: CVE-2019-10895)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.


3) Resource management error (CVE-ID: CVE-2019-10896)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.


4) Resource management error (CVE-ID: CVE-2019-10897)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.


5) Resource management error (CVE-ID: CVE-2019-10898)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.


6) Buffer overflow (CVE-ID: CVE-2019-10899)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.


7) Resource management error (CVE-ID: CVE-2019-10900)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.


8) NULL pointer dereference (CVE-ID: CVE-2019-10901)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.


9) Resource management error (CVE-ID: CVE-2019-10902)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.


10) Resource management error (CVE-ID: CVE-2019-10903)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.


Remediation

Install update from vendor's website.

References