| Summary: | <net-analyzer/wireshark-1.12.7: Multiple vulnerabilities (CVE-2015-{6241,6249}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | netmon |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://www.wireshark.org/lists/wireshark-announce/201508/msg00000.html | | |
| Whiteboard: | B2 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
Jeroen Roovers (RETIRED)
2015-08-14 04:29:43 UTC
Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.12.7
Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86

amd64 stable

Stable for PPC64.

Added to an existing GLSA Request. We will be ready to release once stabilized.

Stable for HPPA.

Stable on alpha.

ia64 stable

ppc stable

Two to go.

sparc stable

CVEs added.

CVE-2015-6249 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6249): The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

CVE-2015-6241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6241): The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Ping on x86 stabilization, GLSA ready to be released as soon as stabilization complete.

x86 stable

This issue was resolved and addressed in GLSA 201510-03 at https://security.gentoo.org/glsa/201510-03 by GLSA coordinator Kristian Fiskerstrand (K_F).