Bug 410871 (CVE-2012-1595) - <net-analyzer/wireshark-1.6.6 : multiple DoS (CVE-2012-{1593,1594,1595,1596})
Status: RESOLVED FIXED
Alias: CVE-2012-1595
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://secunia.com/advisories/48548/
Whiteboard: B3 [noglsa]
Blocks: CVE-2012-0041
Reported: 2012-04-05 12:30 UTC by Agostino Sarubbo
Modified: 2012-05-12 14:37 UTC
Description Agostino Sarubbo gentoo-dev 2012-04-05 12:30:49 UTC
From secunia security advisory at $URL:

Description
Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) A NULL pointer dereference error in the ANSI A dissector can be exploited to cause a crash via a specially crafted packet.

2) An error in the IEEE 802.11 dissector can be exploited to cause an infinite loop via a specially crafted packet.

This vulnerability is reported in versions 1.6.0 through 1.6.5 only.

3) An error in the MP2T dissector when allocating memory can be exploited to cause a crash via a specially crafted packet.

NOTE: A weakness exists in the pcap and pcap-ng file parsers when reading ERF data and can cause a crash via a specially crafted trace file.

The vulnerabilities are reported in versions 1.4.0 through 1.4.11 and 1.6.0 through 1.6.5.


Solution
Update to version 1.4.12 or 1.6.6.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2012-04-05 13:48:39 UTC
*wireshark-1.6.6 (01 Apr 2012)

  01 Apr 2012; Sebastian Pipping <sping@gentoo.org> +wireshark-1.6.6.ebuild:
  Bump to 1.6.6 (bug #410071), propagating denial of support for gnutls 3 by
  upstream due to license incompatibility


So 1.6.* is settled. Do we still care about 1.4.*?
Comment 2 Agostino Sarubbo gentoo-dev 2012-04-05 13:54:10 UTC
(In reply to comment #1)
> So 1.6.* is settled. Do we still care about 1.4.*?

If you (netmon/maintainer) have planned to support the 1.4.x series, yes.

Otherwise you can remove it and we will proceed to stabilization of 1.6.6
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2012-04-05 14:02:47 UTC
(In reply to comment #2)
> (In reply to comment #1)
> > So 1.6.* is settled. Do we still care about 1.4.*?
> 
> If you (netmon/maintainer) have planned to support the 1.4.x series, yes.

I was hinting at pva@'s input here.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2012-04-06 16:36:07 UTC
Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.6.6
Target KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Comment 5 Agostino Sarubbo gentoo-dev 2012-04-06 18:42:06 UTC
amd64 stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2012-04-07 15:28:00 UTC
Stable for HPPA.
Comment 7 Andreas Schürch gentoo-dev 2012-04-07 18:01:42 UTC
I found bug #411175 on x86, which is a slight regression.
Should we continue anyway or wait?
Comment 8 Dan Dexter 2012-04-07 18:10:18 UTC
Archtested on x86: Everything OK _except_ for the issue in bug 411175. I'm seeing the same issue with USE="gtk -pcap"

Apart from the bug, all other USE flag combinations work. On a build without USE="gtk -pcap", I was able to perform manual runtime tests without any issues.
Comment 9 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2012-04-10 19:24:05 UTC
x86: after applying the patch, everything is fine.
Comment 10 Andreas Schürch gentoo-dev 2012-04-10 20:09:58 UTC
x86 stable, thanks all!
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2012-04-15 18:11:16 UTC
alpha/ia64/sparc stable
Comment 12 Brent Baude (RETIRED) gentoo-dev 2012-04-16 17:10:20 UTC
ppc done
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2012-04-28 00:37:17 UTC
CVE-2012-1596 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1596):
  The mp2t_process_fragmented_payload function in
  epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x
  before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a
  denial of service (application crash) via a packet containing an invalid
  pointer value that triggers an incorrect memory-allocation attempt.

CVE-2012-1595 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1595):
  The pcap_process_pseudo_header function in wiretap/pcap-common.c in
  Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers
  to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file
  containing an Extension or Multi-Channel header with an invalid pseudoheader
  size, related to the pcap and pcap-ng file parsers.

CVE-2012-1594 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1594):
  epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark
  1.6.x before 1.6.6 allows remote attackers to cause a denial of service
  (infinite loop) via a crafted packet.

CVE-2012-1593 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1593):
  epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x
  before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a
  denial of service (NULL pointer dereference and application crash) via a
  malformed packet.
Comment 14 Brent Baude (RETIRED) gentoo-dev 2012-05-10 19:26:35 UTC
ppc64 done
Comment 15 Tim Sammut (RETIRED) gentoo-dev 2012-05-10 21:59:51 UTC
Thanks, folks. GLSA Vote: no.
Comment 16 Sean Amoss (RETIRED) gentoo-dev Security 2012-05-11 16:10:05 UTC
(In reply to comment #3)
> (In reply to comment #2)
> > (In reply to comment #1)
> > > So 1.6.* is settled. Do we still care about 1.4.*?
> > 
> > If you (netmon/maintainer) have planned to support the 1.4.x series, yes.
> 
> I was hinting at pva@'s input here.

It looks like the decision here was to stop support on 1.4.x, correct?

Also, please don't forget to remove vulnerable versions from tree. Thanks.
Comment 17 Jeroen Roovers (RETIRED) gentoo-dev 2012-05-12 14:28:43 UTC
(In reply to comment #16)
> It looks like the decision here was to stop support on 1.4.x, correct?

I was waiting for pva to give his input, but it's taken very long, so I have removed 1.4.9 along with the vulnerable 1.6.* ebuilds.

> Also, please don't forget to remove vulnerable versions from tree. Thanks.

Done.
Comment 18 Sean Amoss (RETIRED) gentoo-dev Security 2012-05-12 14:37:26 UTC
Thanks, Jeroen.

GLSA vote: no, client-side DoS. Closing noglsa.