USN-6262-1: Wireshark vulnerabilities

Publication date

31 July 2023

Overview

Several security issues were fixed in Wireshark.


Packages

  • wireshark - network traffic analyzer - meta-package

Details

It was discovered that Wireshark did not properly handle certain
NFS packets when certain configuration options were enabled.
An attacker could possibly use this issue to cause
Wireshark to crash, resulting in a denial of service. (CVE-2020-13164)

It was discovered that Wireshark did not properly handle certain GVCP
packets. An attacker could possibly use this issue to cause
Wireshark to crash, resulting in a denial of service. This issue only
affected Ubuntu 20.04 LTS. (CVE-2020-15466)

It was discovered that Wireshark did not properly handle certain
Kafka packets. An attacker could possibly use this issue to cause
Wireshark to crash, resulting in a denial of service. This issue only
affected Ubuntu 20.04 LTS. (CVE-2020-17498)

It was discovered that Wireshark did not properly handle certain TCP
packets containing an invalid 0xFFFF checksum. An attacker could
possibly use this issue to cause Wireshark to crash, resulting in
a denial of service. (CVE-2020-25862)

It was discovered that Wireshark did not properly handle certain
MIME packets containing invalid parts. An attacker could
possibly use this issue to cause Wireshark to crash, resulting in
a denial of service. (CVE-2020-25863)


Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release: 20.04 focal

  • tshark – 3.2.3-1ubuntu0.1~esm1
  • wireshark – 3.2.3-1ubuntu0.1~esm1
  • wireshark-qt – 3.2.3-1ubuntu0.1~esm1
  • wireshark-common – 3.2.3-1ubuntu0.1~esm1
  • wireshark-gtk – 3.2.3-1ubuntu0.1~esm1
  • libwireshark13 – 3.2.3-1ubuntu0.1~esm1

Ubuntu Release: 18.04 bionic

  • tshark – 2.6.10-1~ubuntu18.04.0+esm1
  • wireshark-qt – 2.6.10-1~ubuntu18.04.0+esm1
  • wireshark-gtk – 2.6.10-1~ubuntu18.04.0+esm1
  • wireshark-common – 2.6.10-1~ubuntu18.04.0+esm1
  • libwireshark11 – 2.6.10-1~ubuntu18.04.0+esm1
  • wireshark – 2.6.10-1~ubuntu18.04.0+esm1

Ubuntu Release: 16.04 xenial

  • tshark – 2.6.10-1~ubuntu16.04.0+esm1
  • wireshark-qt – 2.6.10-1~ubuntu16.04.0+esm1
  • wireshark-gtk – 2.6.10-1~ubuntu16.04.0+esm1
  • wireshark-common – 2.6.10-1~ubuntu16.04.0+esm1
  • libwireshark11 – 2.6.10-1~ubuntu16.04.0+esm1
  • wireshark – 2.6.10-1~ubuntu16.04.0+esm1

Ubuntu Release: 14.04 trusty

  • tshark – 2.6.10-1~ubuntu14.04.0~esm2
  • wireshark-qt – 2.6.10-1~ubuntu14.04.0~esm2
  • wireshark-gtk – 2.6.10-1~ubuntu14.04.0~esm2
  • wireshark-common – 2.6.10-1~ubuntu14.04.0~esm2
  • libwireshark11 – 2.6.10-1~ubuntu14.04.0~esm2
  • wireshark – 2.6.10-1~ubuntu14.04.0~esm2
