QID 671108
Date Published: 2021-11-29
QID 671108: EulerOS Security Update for wireshark (EulerOS-SA-2019-2425)
Wireshark is a network traffic analyzer for Unix-ish operating systems.
This package lays the base for libpcap, a packet capture and filtering library, contains command-line utilities, and contains plugins and documentation for Wireshark.
A graphical user interface is packaged separately in the GTK+ package.
Security fix(es):
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. (CVE-2018-14340)
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. (CVE-2018-14341)
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. (CVE-2018-5336)
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. (CVE-2018-7418)
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. (CVE-2017-9347)
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. (CVE-2017-9349)
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
An arbitrary attacker may exploit this vulnerability to compromise the system.
CVEs related to QID 671108
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| EulerOS-SA-2019-2425 | EulerOS V2.0SP2 | | |