ELA-1188-1 wireshark security update

multiple vulnerabilities

2024-09-30
Package: wireshark
Version: 2.6.20-0+deb10u9~deb9u1 (stretch), 2.6.20-0+deb10u9 (buster)
Related CVEs: CVE-2023-0667 CVE-2023-3649 CVE-2023-4512 CVE-2024-0211 CVE-2024-2955 CVE-2024-4853 CVE-2024-4854 CVE-2024-8250 CVE-2024-8645


Multiple vulnerabilities have been fixed in the network traffic analyzer Wireshark.

CVE-2023-0667

MSMMS dissector buffer overflow

CVE-2023-3649

iSCSI dissector crash

CVE-2023-4512

CBOR dissector crash

CVE-2024-0211

DOCSIS dissector crash

CVE-2024-2955

T.38 dissector crash

CVE-2024-4853

Editcap byte chopping crash

CVE-2024-4854

MONGO dissector infinite loop

CVE-2024-8250

NTLMSSP dissector crash

CVE-2024-8645

SPRT dissector crash


For Debian 10 buster, these problems have been fixed in version 2.6.20-0+deb10u9.

For Debian 9 stretch, these problems have been fixed in version 2.6.20-0+deb10u9~deb9u1.

We recommend that you upgrade your wireshark packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.