Debian Issues Security Advisory for Wireshark Users

The Debian Project has put out a security advisory for users of its GNU/Linux distribution in regards to several vulnerabilities found in the popular Wireshark network protocol analyzer. These problems could be exploited to execute arbitrary code or carry out a denial of service operation.

Vulnerabilities were discovered in dissectors for the following protocols:

  • ADB
  • GSM A DTAP
  • IEEE 802.11
  • LDSS
  • NBAP
  • PCP
  • Q.931
  • SIGCOMP
  • UMTS MAC

Users of Debian Jessie can rest assured that upgrading their package will correct these vulnerabilities and restore Wireshark to a safe state. Version 1.12.1+g01b65bf-4+deb8u14 comes with fixes for those running the so-called old stable edition. Those who are on the current stable Stretch distribution can upgrade their Wireshark package to version number 2.2.6+g32dac6a-2+deb9u3 in order to ensure safety. Those running older versions on the Jessie or Stretch platforms are hypothetically exposed to exploits that make use of these vulnerabilities.

As early as June 3, Debian had released a document urging users to install updates and ensure that users had these versions of the Wireshark package installed. Debian has become well-known for releasing such regular advisories whenever there’s a problem with any of the many packages that users can install through the dpkg and apt tools. Those who deploy Debian Linux in a secure environment are encouraged to follow these advisories regularly.

In spite of this, many users are likely to still be using potentially insecure versions. While those who have recently upgraded all software on their Debian Linux systems are probably running the latest version, those who haven’t should take the opportunity to install the update before the vulnerabilities are exploited. Information from Debian’s security tracker seems to insinuate that developers are also working on several other vulnerabilities, which might mean a few other patches in the near future.

The good news is that these patches are part of a long line of security improvements for Wireshark, which have often helped to keep it from falling prey to those with malicious intent. Since capturing traffic from network interfaces requires elevated privileges, it used to be necessary to run Wireshark as root. Improvements to the software rendered that no longer necessary, which drastically improved the overall secureness of the application.

John Rendace
John is a GNU/Linux expert with a hobbyist's background in C/C++, Web development, storage and file system technologies. In his free time, he maintains custom and vintage PC hardware. He's been compiling his own software from source since the DOS days and still prefers using the command line all these years later.