[Buildroot] [PATCH 1/1] package/wireshark: security bump to v3.2.2
Peter Korsgaard
peter at korsgaard.com
Sat Mar 14 21:09:38 UTC 2020
>>>>> "Titouan" == Titouan Christophe <titouan.christophe at railnova.eu> writes:
> This fixes the following CVEs:
> - CVE-2020-9428:
> In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
> the EAP dissector could crash. This was addressed in
> epan/dissectors/packet-eap.c by using more careful sscanf parsing.
> - CVE-2020-9429:
> In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash.
> This was addressed in epan/dissectors/packet-wireguard.c by
> handling the situation where a certain data structure intentionally
> has a NULL value.
> - CVE-2020-9430:
> In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
> the WiMax DLMAP dissector could crash.
> This was addressed in plugins/epan/wimax/msg_dlmap.c by validating
> a length field.
> - CVE-2020-9431:
> In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
> the LTE RRC dissector could leak memory. This was addressed in
> epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
> Signed-off-by: Titouan Christophe <titouan.christophe at railnova.eu>
For 2019.11.x I have instead bumped to 3.0.15 and for 2019.02.x bumped
to 2.6.15, both fixing the same issues (except for CVE-2020-9429 which
only affects 3.2.x).
--
Bye, Peter Korsgaard