[Buildroot] [PATCH 1/1] package/wireshark: security bump to v3.2.2

Peter Korsgaard peter at korsgaard.com
Sat Mar 14 21:09:38 UTC 2020


>>>>> "Titouan" == Titouan Christophe <titouan.christophe at railnova.eu> writes:

 > This fixes the following CVEs:
 >  - CVE-2020-9428:
 >    In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
 >    the EAP dissector could crash. This was addressed in
 >    epan/dissectors/packet-eap.c by using more careful sscanf parsing.

 >  - CVE-2020-9429:
 >    In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash.
 >    This was addressed in epan/dissectors/packet-wireguard.c by
 >    handling the situation where a certain data structure intentionally
 >    has a NULL value.

 >  - CVE-2020-9430:
 >    In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
 >    the WiMax DLMAP dissector could crash.
 >    This was addressed in plugins/epan/wimax/msg_dlmap.c by validating
 >    a length field.

 >  - CVE-2020-9431:
 >    In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
 >    the LTE RRC dissector could leak memory. This was addressed in
 >    epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.

 > Signed-off-by: Titouan Christophe <titouan.christophe at railnova.eu>

For 2019.11.x I have instead bumped to 3.0.15 and for 2019.02.x bumped
to 2.6.15, both fixing the same issues (except for CVE-2020-9429 which
only affects 3.2.x).

-- 
Bye, Peter Korsgaard


