{ "Definition": [ { "ID": "oval:org.altlinux.errata:def:20181549", "Version": "oval:org.altlinux.errata:def:20181549", "Class": "patch", "Metadata": { "Title": "ALT-PU-2018-1549: package `wireshark` update to version 2.5.1-alt1.S1", "AffectedList": [ { "Family": "unix", "Platforms": [ "ALT Linux branch c10f1" ], "Products": [ "ALT SP Workstation", "ALT SP Server" ] } ], "References": [ { "RefID": "ALT-PU-2018-1549", "RefURL": "https://errata.altlinux.org/ALT-PU-2018-1549", "Source": "ALTPU" }, { "RefID": "BDU:2019-00923", "RefURL": "https://bdu.fstec.ru/vul/2019-00923", "Source": "BDU" }, { "RefID": "BDU:2019-00924", "RefURL": "https://bdu.fstec.ru/vul/2019-00924", "Source": "BDU" }, { "RefID": "BDU:2019-00959", "RefURL": "https://bdu.fstec.ru/vul/2019-00959", "Source": "BDU" }, { "RefID": "BDU:2019-01258", "RefURL": "https://bdu.fstec.ru/vul/2019-01258", "Source": "BDU" }, { "RefID": "BDU:2019-01272", "RefURL": "https://bdu.fstec.ru/vul/2019-01272", "Source": "BDU" }, { "RefID": "BDU:2019-01273", "RefURL": "https://bdu.fstec.ru/vul/2019-01273", "Source": "BDU" }, { "RefID": "BDU:2019-01351", "RefURL": "https://bdu.fstec.ru/vul/2019-01351", "Source": "BDU" }, { "RefID": "BDU:2019-01551", "RefURL": "https://bdu.fstec.ru/vul/2019-01551", "Source": "BDU" }, { "RefID": "BDU:2019-01558", "RefURL": "https://bdu.fstec.ru/vul/2019-01558", "Source": "BDU" }, { "RefID": "BDU:2019-01559", "RefURL": "https://bdu.fstec.ru/vul/2019-01559", "Source": "BDU" }, { "RefID": "BDU:2019-01573", "RefURL": "https://bdu.fstec.ru/vul/2019-01573", "Source": "BDU" }, { "RefID": "BDU:2019-01574", "RefURL": "https://bdu.fstec.ru/vul/2019-01574", "Source": "BDU" }, { "RefID": "BDU:2020-02569", "RefURL": "https://bdu.fstec.ru/vul/2020-02569", "Source": "BDU" }, { "RefID": "BDU:2020-02570", "RefURL": "https://bdu.fstec.ru/vul/2020-02570", "Source": "BDU" }, { "RefID": "BDU:2020-02571", "RefURL": "https://bdu.fstec.ru/vul/2020-02571", "Source": "BDU" }, { "RefID": "BDU:2020-02572", "RefURL": "https://bdu.fstec.ru/vul/2020-02572", "Source": "BDU" }, { "RefID": "BDU:2020-02573", "RefURL": "https://bdu.fstec.ru/vul/2020-02573", "Source": "BDU" }, { "RefID": "BDU:2020-02574", "RefURL": "https://bdu.fstec.ru/vul/2020-02574", "Source": "BDU" }, { "RefID": "BDU:2020-02717", "RefURL": "https://bdu.fstec.ru/vul/2020-02717", "Source": "BDU" }, { "RefID": "BDU:2021-01494", "RefURL": "https://bdu.fstec.ru/vul/2021-01494", "Source": "BDU" }, { "RefID": "BDU:2021-01495", "RefURL": "https://bdu.fstec.ru/vul/2021-01495", "Source": "BDU" }, { "RefID": "CVE-2018-11356", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-11356", "Source": "CVE" }, { "RefID": "CVE-2018-11357", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-11357", "Source": "CVE" }, { "RefID": "CVE-2018-11358", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-11358", "Source": "CVE" }, { "RefID": "CVE-2018-11359", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-11359", "Source": "CVE" }, { "RefID": "CVE-2018-11360", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-11360", "Source": "CVE" }, { "RefID": "CVE-2018-11362", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-11362", "Source": "CVE" }, { "RefID": "CVE-2018-14339", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14339", "Source": "CVE" }, { "RefID": "CVE-2018-14340", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14340", "Source": "CVE" }, { "RefID": "CVE-2018-14341", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14341", "Source": "CVE" }, { "RefID": "CVE-2018-14342", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14342", "Source": "CVE" }, { "RefID": "CVE-2018-14343", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14343", "Source": "CVE" }, { "RefID": "CVE-2018-14344", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14344", "Source": "CVE" }, { "RefID": "CVE-2018-14367", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14367", "Source": "CVE" }, { "RefID": "CVE-2018-14368", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14368", "Source": "CVE" }, { "RefID": "CVE-2018-14369", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14369", "Source": "CVE" }, { "RefID": "CVE-2018-14370", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14370", "Source": "CVE" }, { "RefID": "CVE-2018-16056", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16056", "Source": "CVE" }, { "RefID": "CVE-2018-16057", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16057", "Source": "CVE" }, { "RefID": "CVE-2018-16058", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16058", "Source": "CVE" }, { "RefID": "CVE-2018-18227", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18227", "Source": "CVE" }, { "RefID": "CVE-2018-19622", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19622", "Source": "CVE" }, { "RefID": "CVE-2018-19623", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19623", "Source": "CVE" }, { "RefID": "CVE-2018-19624", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19624", "Source": "CVE" }, { "RefID": "CVE-2018-19625", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19625", "Source": "CVE" }, { "RefID": "CVE-2018-19626", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19626", "Source": "CVE" }, { "RefID": "CVE-2018-19627", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19627", "Source": "CVE" }, { "RefID": "CVE-2018-9256", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9256", "Source": "CVE" }, { "RefID": "CVE-2018-9257", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9257", "Source": "CVE" }, { "RefID": "CVE-2018-9258", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9258", "Source": "CVE" }, { "RefID": "CVE-2018-9259", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9259", "Source": "CVE" }, { "RefID": "CVE-2018-9260", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9260", "Source": "CVE" }, { "RefID": "CVE-2018-9261", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9261", "Source": "CVE" }, { "RefID": "CVE-2018-9262", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9262", "Source": "CVE" }, { "RefID": "CVE-2018-9263", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9263", "Source": "CVE" }, { "RefID": "CVE-2018-9264", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9264", "Source": "CVE" }, { "RefID": "CVE-2018-9265", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9265", "Source": "CVE" }, { "RefID": "CVE-2018-9266", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9266", "Source": "CVE" }, { "RefID": "CVE-2018-9267", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9267", "Source": "CVE" }, { "RefID": "CVE-2018-9268", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9268", "Source": "CVE" }, { "RefID": "CVE-2018-9269", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9269", "Source": "CVE" }, { "RefID": "CVE-2018-9270", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9270", "Source": "CVE" }, { "RefID": "CVE-2018-9271", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9271", "Source": "CVE" }, { "RefID": "CVE-2018-9272", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9272", "Source": "CVE" }, { "RefID": "CVE-2018-9273", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9273", "Source": "CVE" }, { "RefID": "CVE-2018-9274", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9274", "Source": "CVE" }, { "RefID": "CVE-2019-10894", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10894", "Source": "CVE" }, { "RefID": "CVE-2019-10895", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10895", "Source": "CVE" }, { "RefID": "CVE-2019-10896", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10896", "Source": "CVE" }, { "RefID": "CVE-2019-10899", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10899", "Source": "CVE" }, { "RefID": "CVE-2019-10901", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10901", "Source": "CVE" }, { "RefID": "CVE-2019-10903", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10903", "Source": "CVE" }, { "RefID": "CVE-2019-12295", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-12295", "Source": "CVE" }, { "RefID": "CVE-2019-13619", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-13619", "Source": "CVE" }, { "RefID": "CVE-2019-5717", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5717", "Source": "CVE" }, { "RefID": "CVE-2019-5718", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5718", "Source": "CVE" }, { "RefID": "CVE-2019-5719", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5719", "Source": "CVE" }, { "RefID": "CVE-2019-5721", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5721", "Source": "CVE" }, { "RefID": "CVE-2019-9208", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9208", "Source": "CVE" }, { "RefID": "CVE-2019-9209", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9209", "Source": "CVE" }, { "RefID": "CVE-2019-9214", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9214", "Source": "CVE" } ], "Description": "This update upgrades wireshark to version 2.5.1-alt1.S1. \nSecurity Fix(es):\n\n * BDU:2019-00923: Уязвимость LBMPDM диссектора анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-00924: Уязвимость MMSE диссектора анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-00959: Уязвимость компонента IxVeriWave анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01258: Уязвимость программы-анализатора трафика Wireshark, связанная с разыменованием указателя NULL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01272: Уязвимость программы-анализатора трафика Wireshark, связанная с чтением за пределами границ в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01273: Уязвимость программы-анализатора трафика Wireshark, связанная с чтением за пределами границ в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01351: Уязвимость диссектора RPCAP (epan/dissectors/packet-rpcap.c) анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01551: Уязвимость в диссекторе для протокола P_MUL программы-анализатора сетевого трафика Wireshark, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01558: Уязвимость диссектора RTSE программы-анализатора трафика Wireshark, связанная с чтением за границами буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01559: Уязвимость диссектора ISAKMP программы-анализатора трафика Wireshark, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01573: Уязвимость компонента TCAP диссектора анализатора трафика компьютерных сетей Wireshark, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01574: Уязвимость компонента ASN.1 BER диссектора анализатора трафика компьютерных сетей Wireshark, связанная с выходом операции за границы памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02569: Уязвимость функции disct_gssapi_work (packet-gssapi.c) анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02570: Уязвимость модуля NetScaler (Netscaler.c) анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02571: Уязвимость компонента DOF Dissector анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02572: Уязвимость службы Service Location Protocol анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02573: Уязвимость службы Local Download Sharing Service анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02574: Уязвимость в диссекторе протокола Microsoft Spool Subsystem анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02717: Уязвимость диссектора ENIP анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01494: Уязвимость диссектора ASN.1 BER анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01495: Уязвимость компонента dissection engine анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-11356: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.\n\n * CVE-2018-11357: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.\n\n * CVE-2018-11358: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.\n\n * CVE-2018-11359: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.\n\n * CVE-2018-11360: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.\n\n * CVE-2018-11362: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\\0' character.\n\n * CVE-2018-14339: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.\n\n * CVE-2018-14340: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.\n\n * CVE-2018-14341: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.\n\n * CVE-2018-14342: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.\n\n * CVE-2018-14343: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.\n\n * CVE-2018-14344: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.\n\n * CVE-2018-14367: In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.\n\n * CVE-2018-14368: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.\n\n * CVE-2018-14369: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.\n\n * CVE-2018-14370: In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.\n\n * CVE-2018-16056: In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.\n\n * CVE-2018-16057: In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.\n\n * CVE-2018-16058: In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.\n\n * CVE-2018-18227: In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.\n\n * CVE-2018-19622: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.\n\n * CVE-2018-19623: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values.\n\n * CVE-2018-19624: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.\n\n * CVE-2018-19625: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.\n\n * CVE-2018-19626: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\\0' termination.\n\n * CVE-2018-19627: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.\n\n * CVE-2018-9256: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.\n\n * CVE-2018-9257: In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns.\n\n * CVE-2018-9258: In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.\n\n * CVE-2018-9259: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.\n\n * CVE-2018-9260: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.\n\n * CVE-2018-9261: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.\n\n * CVE-2018-9262: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.\n\n * CVE-2018-9263: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.\n\n * CVE-2018-9264: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.\n\n * CVE-2018-9265: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.\n\n * CVE-2018-9266: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak.\n\n * CVE-2018-9267: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.\n\n * CVE-2018-9268: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.\n\n * CVE-2018-9269: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.\n\n * CVE-2018-9270: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.\n\n * CVE-2018-9271: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak.\n\n * CVE-2018-9272: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak.\n\n * CVE-2018-9273: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.\n\n * CVE-2018-9274: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak.\n\n * CVE-2019-10894: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.\n\n * CVE-2019-10895: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.\n\n * CVE-2019-10896: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.\n\n * CVE-2019-10899: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.\n\n * CVE-2019-10901: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.\n\n * CVE-2019-10903: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.\n\n * CVE-2019-12295: In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.\n\n * CVE-2019-13619: In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.\n\n * CVE-2019-5717: In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.\n\n * CVE-2019-5718: In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.\n\n * CVE-2019-5719: In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block.\n\n * CVE-2019-5721: In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.\n\n * CVE-2019-9208: In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.\n\n * CVE-2019-9209: In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.\n\n * CVE-2019-9214: In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.", "Advisory": { "From": "errata.altlinux.org", "Severity": "High", "Rights": "Copyright 2024 BaseALT Ltd.", "Issued": { "Date": "2018-04-03" }, "Updated": { "Date": "2018-04-03" }, "BDUs": [ { "ID": "BDU:2019-00923", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-189", "Href": "https://bdu.fstec.ru/vul/2019-00923", "Impact": "Low", "Public": "20180821" }, { "ID": "BDU:2019-00924", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-400", "Href": "https://bdu.fstec.ru/vul/2019-00924", "Impact": "Low", "Public": "20181031" }, { "ID": "BDU:2019-00959", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-125", "Href": "https://bdu.fstec.ru/vul/2019-00959", "Impact": "Low", "Public": "20181128" }, { "ID": "BDU:2019-01258", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2019-01258", "Impact": "High", "Public": "20180908" }, { "ID": "BDU:2019-01272", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-125", "Href": "https://bdu.fstec.ru/vul/2019-01272", "Impact": "Low", "Public": "20181128" }, { "ID": "BDU:2019-01273", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-119", "Href": "https://bdu.fstec.ru/vul/2019-01273", "Impact": "Low", "Public": "20181128" }, { "ID": "BDU:2019-01351", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2019-01351", "Impact": "High", "Public": "20190227" }, { "ID": "BDU:2019-01551", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-20", "Href": "https://bdu.fstec.ru/vul/2019-01551", "Impact": "Low", "Public": "20181206" }, { "ID": "BDU:2019-01558", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-125", "Href": "https://bdu.fstec.ru/vul/2019-01558", "Impact": "Low", "Public": "20190108" }, { "ID": "BDU:2019-01559", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2019-01559", "Impact": "Low", "Public": "20190108" }, { "ID": "BDU:2019-01573", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2019-01573", "Impact": "High", "Public": "20190129" }, { "ID": "BDU:2019-01574", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-119", "Href": "https://bdu.fstec.ru/vul/2019-01574", "Impact": "High", "Public": "20190125" }, { "ID": "BDU:2020-02569", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-399", "Href": "https://bdu.fstec.ru/vul/2020-02569", "Impact": "High", "Public": "20190409" }, { "ID": "BDU:2020-02570", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-20", "Href": "https://bdu.fstec.ru/vul/2020-02570", "Impact": "High", "Public": "20190409" }, { "ID": "BDU:2020-02571", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-399", "Href": "https://bdu.fstec.ru/vul/2020-02571", "Impact": "High", "Public": "20190409" }, { "ID": "BDU:2020-02572", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-119", "Href": "https://bdu.fstec.ru/vul/2020-02572", "Impact": "High", "Public": "20190409" }, { "ID": "BDU:2020-02573", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2020-02573", "Impact": "High", "Public": "20190409" }, { "ID": "BDU:2020-02574", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-399", "Href": "https://bdu.fstec.ru/vul/2020-02574", "Impact": "High", "Public": "20190409" }, { "ID": "BDU:2020-02717", "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2020-02717", "Impact": "Low", "Public": "20190108" }, { "ID": "BDU:2021-01494", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-119", "Href": "https://bdu.fstec.ru/vul/2021-01494", "Impact": "High", "Public": "20190624" }, { "ID": "BDU:2021-01495", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-94", "Href": "https://bdu.fstec.ru/vul/2021-01495", "Impact": "High", "Public": "20190514" } ], "CVEs": [ { "ID": "CVE-2018-11356", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-476", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-11356", "Impact": "High", "Public": "20180522" }, { "ID": "CVE-2018-11357", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-11357", "Impact": "High", "Public": "20180522" }, { "ID": "CVE-2018-11358", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-11358", "Impact": "High", "Public": "20180522" }, { "ID": "CVE-2018-11359", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-476", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-11359", "Impact": "High", "Public": "20180522" }, { "ID": "CVE-2018-11360", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-119", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-11360", "Impact": "High", "Public": "20180522" }, { "ID": "CVE-2018-11362", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-125", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-11362", "Impact": "High", "Public": "20180522" }, { "ID": "CVE-2018-14339", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14339", "Impact": "High", "Public": "20180719" }, { "ID": "CVE-2018-14340", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-125", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14340", "Impact": "High", "Public": "20180719" }, { "ID": "CVE-2018-14341", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-190", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14341", "Impact": "High", "Public": "20180719" }, { "ID": "CVE-2018-14342", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-834", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14342", "Impact": "High", "Public": "20180719" }, { "ID": "CVE-2018-14343", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-190", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14343", "Impact": "High", "Public": "20180719" }, { "ID": "CVE-2018-14344", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-125", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14344", "Impact": "High", "Public": "20180719" }, { "ID": "CVE-2018-14367", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-252", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14367", "Impact": "High", "Public": "20180719" }, { "ID": "CVE-2018-14368", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-835", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14368", "Impact": "High", "Public": "20180719" }, { "ID": "CVE-2018-14369", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14369", "Impact": "High", "Public": "20180719" }, { "ID": "CVE-2018-14370", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-125", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14370", "Impact": "High", "Public": "20180719" }, { "ID": "CVE-2018-16056", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16056", "Impact": "High", "Public": "20180830" }, { "ID": "CVE-2018-16057", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16057", "Impact": "High", "Public": "20180830" }, { "ID": "CVE-2018-16058", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-665", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16058", "Impact": "High", "Public": "20180830" }, { "ID": "CVE-2018-18227", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-476", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18227", "Impact": "High", "Public": "20181012" }, { "ID": "CVE-2018-19622", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-835", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19622", "Impact": "High", "Public": "20181129" }, { "ID": "CVE-2018-19623", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19623", "Impact": "High", "Public": "20181129" }, { "ID": "CVE-2018-19624", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-476", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19624", "Impact": "Low", "Public": "20181129" }, { "ID": "CVE-2018-19625", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-125", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19625", "Impact": "Low", "Public": "20181129" }, { "ID": "CVE-2018-19626", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-125", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19626", "Impact": "Low", "Public": "20181129" }, { "ID": "CVE-2018-19627", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-125", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19627", "Impact": "High", "Public": "20181129" }, { "ID": "CVE-2018-9256", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9256", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9257", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-835", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9257", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9258", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9258", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9259", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9259", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9260", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9260", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9261", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-834", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9261", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9262", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9262", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9263", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9263", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9264", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9264", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9265", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-772", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9265", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9266", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-772", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9266", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9267", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-772", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9267", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9268", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-772", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9268", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9269", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-772", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9269", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9270", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-772", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9270", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9271", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-772", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9271", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9272", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-772", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9272", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9273", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-772", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9273", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2018-9274", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-772", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9274", "Impact": "High", "Public": "20180404" }, { "ID": "CVE-2019-10894", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-617", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10894", "Impact": "High", "Public": "20190409" }, { "ID": "CVE-2019-10895", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-125", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10895", "Impact": "High", "Public": "20190409" }, { "ID": "CVE-2019-10896", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10896", "Impact": "High", "Public": "20190409" }, { "ID": "CVE-2019-10899", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-125", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10899", "Impact": "High", "Public": "20190409" }, { "ID": "CVE-2019-10901", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-476", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10901", "Impact": "High", "Public": "20190409" }, { "ID": "CVE-2019-10903", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-125", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10903", "Impact": "High", "Public": "20190409" }, { "ID": "CVE-2019-12295", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-674", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-12295", "Impact": "High", "Public": "20190523" }, { "ID": "CVE-2019-13619", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-119", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-13619", "Impact": "High", "Public": "20190717" }, { "ID": "CVE-2019-5717", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5717", "Impact": "Low", "Public": "20190108" }, { "ID": "CVE-2019-5718", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-125", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5718", "Impact": "Low", "Public": "20190108" }, { "ID": "CVE-2019-5719", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-327", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5719", "Impact": "Low", "Public": "20190108" }, { "ID": "CVE-2019-5721", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5721", "Impact": "Low", "Public": "20190108" }, { "ID": "CVE-2019-9208", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-476", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9208", "Impact": "High", "Public": "20190228" }, { "ID": "CVE-2019-9209", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9209", "Impact": "Low", "Public": "20190228" }, { "ID": "CVE-2019-9214", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-476", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9214", "Impact": "High", "Public": "20190228" } ], "AffectedCPEs": { "CPEs": [ "cpe:/o:alt:spworkstation:10", "cpe:/o:alt:spserver:10" ] } } }, "Criteria": { "Operator": "AND", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:4001", "Comment": "ALT Linux must be installed" } ], "Criterias": [ { "Operator": "OR", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:20181549001", "Comment": "libwiretap is earlier than 0:2.5.1-alt1.S1" }, { "TestRef": "oval:org.altlinux.errata:tst:20181549002", "Comment": "libwiretap-devel is earlier than 0:2.5.1-alt1.S1" }, { "TestRef": "oval:org.altlinux.errata:tst:20181549003", "Comment": "tshark is earlier than 0:2.5.1-alt1.S1" }, { "TestRef": "oval:org.altlinux.errata:tst:20181549004", "Comment": "wireshark-base is earlier than 0:2.5.1-alt1.S1" }, { "TestRef": "oval:org.altlinux.errata:tst:20181549005", "Comment": "wireshark-doc is earlier than 0:2.5.1-alt1.S1" }, { "TestRef": "oval:org.altlinux.errata:tst:20181549006", "Comment": "wireshark-gtk+ is earlier than 0:2.5.1-alt1.S1" }, { "TestRef": "oval:org.altlinux.errata:tst:20181549007", "Comment": "wireshark-qt5 is earlier than 0:2.5.1-alt1.S1" } ] } ] } } ] }