Name: Multiple problems in Wireshark®versions 0.99.2 to 0.99.8 Docid: wnpa-sec-2008-02 Date: March 31, 2008 Versions affected: 0.99.2 up to and including 0.99.8 Details Description Wireshark 1.0.0 fixes the following vulnerabilities: * The X.509sat dissector could crash. (Bug 2329) Versions affected: 0.99.5 to 0.99.8 * The Roofnet dissector could crash on Windows, Solaris, and other platforms. (Bug 2331) Versions affected: 0.99.5 to 0.99.8 * The LDAP dissector could crash on Windows and other platforms. (Bug 1613) Versions affected: 0.99.2 to 0.99.8 * The SCCP dissector could crash while using the "decode as" feature. (Bug 2392) Versions affected: 0.99.6 to 0.99.8 Impact It may be possible to make Wireshark crashby injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 1.0.0 or later.
1.0 is out
Arches, please test and mark stable: =net-analyzer/wireshark-1.0.0 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 release sparc x86"
amd64 stable
x86 stable
alpha/ia64/sparc stable
Stable for HPPA.
ppc64 stable
ppc stable
GLSA vote.
Fixed in release snapshot.
only a DoS, but since we issued GLSAs for wireshark DoS before, we should probably issue one again -> (half) yes
I'd consider wireshark more A then B, so I'm also in for a YES.
GLSA request filed
this was GLSA 200805-05.