Bug#: 215276
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Robert Buchholz <rbu@gentoo.org>

Description:   Opened: 2008-03-29 01:42 0000
Name: Multiple problems in Wireshark® versions 0.99.2 to 0.99.8

Docid: wnpa-sec-2008-02

Date: March 31, 2008

Versions affected: 0.99.2 up to and including 0.99.8
Details
Description

Wireshark 1.0.0 fixes the following vulnerabilities:

    * The X.509sat dissector could crash. (Bug 2329)
      Versions affected: 0.99.5 to 0.99.8
    * The Roofnet dissector could crash on Windows, Solaris, and other platforms. (Bug 2331)
      Versions affected: 0.99.5 to 0.99.8
    * The LDAP dissector could crash on Windows and other platforms. (Bug 1613)
      Versions affected: 0.99.2 to 0.99.8
    * The SCCP dissector could crash while using the "decode as" feature. (Bug 2392)
      Versions affected: 0.99.6 to 0.99.8

Impact

It may be possible to make Wireshark crash by injecting a purposefully malformed
packet onto the wire or by convincing someone to read a malformed packet trace
file.
Resolution

Upgrade to Wireshark 1.0.0 or later.

------- Comment #1 From Christian Faulhammer 2008-03-31 09:49:57 0000 -------
1.0 is out

------- Comment #2 From Robert Buchholz 2008-04-01 19:53:30 0000 -------
Arches, please test and mark stable:
=net-analyzer/wireshark-1.0.0
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 release sparc x86"

------- Comment #3 From Richard Freeman 2008-04-02 01:44:50 0000 -------
amd64 stable

------- Comment #4 From Christian Faulhammer 2008-04-02 07:58:42 0000 -------
x86 stable

------- Comment #5 From Raúl Porcel 2008-04-02 13:29:06 0000 -------
alpha/ia64/sparc stable

------- Comment #6 From Jeroen Roovers 2008-04-02 16:06:17 0000 -------
Stable for HPPA.

------- Comment #7 From Markus Rothe 2008-04-02 17:30:54 0000 -------
ppc64 stable

------- Comment #8 From Tobias Scherbaum 2008-04-03 18:26:46 0000 -------
ppc stable

------- Comment #9 From Robert Buchholz 2008-04-03 22:43:42 0000 -------
GLSA vote.

------- Comment #10 From Peter Volkov 2008-04-04 04:51:36 0000 -------
Fixed in release snapshot.

------- Comment #11 From Matthias Geerdsen 2008-04-12 13:55:31 0000 -------
only a DoS, but since we issued GLSAs for wireshark DoS before, we should
probably issue one again

-> (half) yes

------- Comment #12 From Robert Buchholz 2008-04-23 16:42:43 0000 -------
I'd consider wireshark more A than B, so I'm also in for a YES.

------- Comment #13 From Matthias Geerdsen 2008-04-29 13:12:16 0000 -------
GLSA request filed

------- Comment #14 From Pierre-Yves Rofes 2008-07-09 21:31:28 0000 -------
this was GLSA 200805-05.
