Bug#: 278564
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Alex Legler <a3li@gentoo.org>

Description:   Opened: 2009-07-21 10:49 0000
From the upstream advisory ($URL):
Wireshark 1.2.1 fixes the following vulnerabilities:

* The IPMI dissector could overrun a buffer. (Bug 3559) Affected: 1.2.0
* The AFS dissector could crash. (Bug 3564) Affected: 0.9.2 to 1.2.0
* The Infiniband dissector could crash on some platforms. Affected: 1.0.6 to
1.2.0
* The Bluetooth L2CAP dissector could crash. (Bug 3572) Affected: 1.2.0
* The RADIUS dissector could crash. (Bug 3578) Affected: 1.2.0
* The MIOP dissector could crash. (Bug 3652) Affected: 1.2.0
* The sFlow dissector could use excessive CPU and memory. (Bug 3570) Affected:
1.2.0

------- Comment #1 From Alex Legler 2009-07-21 10:51:24 0000 -------
Our latest stable seems to be at least vulnerable to issue 2 and maybe 3.

------- Comment #2 From Peter Volkov 2009-07-21 13:57:36 0000 -------
Bumped. Arch teams, please, stabilize wireshark-1.2.1.

------- Comment #3 From Tony Vroon 2009-07-21 14:10:01 0000 -------
+  21 Jul 2009; <chainsaw@gentoo.org> wireshark-1.2.1.ebuild:
+  Marked stable on AMD64 for security bug #278564. Tested on a Core2 Duo
+  with a Marvell "Sky2" 88E8055 NIC.

------- Comment #4 From Tobias Klausmann 2009-07-21 18:39:32 0000 -------
Stable on alpha

------- Comment #5 From Christian Faulhammer 2009-07-21 19:21:04 0000 -------
x86 stable

------- Comment #6 From Jeroen Roovers 2009-07-21 20:19:11 0000 -------
Stable for HPPA.

------- Comment #7 From Alex Legler 2009-07-23 19:32:34 0000 -------
CVE-2009-2559 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2559):
  Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows
  remote attackers to cause a denial of service (crash) via unspecified
  vectors related to an array index error.  NOTE: some of these details
  are obtained from third party information.

CVE-2009-2560 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2560):
  Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote
  attackers to cause a denial of service (crash) via unspecified
  vectors in the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP
  dissectors.

CVE-2009-2561 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2561):
  Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0
  allows remote attackers to cause a denial of service (CPU and memory
  consumption) via unspecified vectors.

CVE-2009-2562 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2562):
  Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2
  through 1.2.0 allows remote attackers to cause a denial of service
  (crash) via unknown vectors.

CVE-2009-2563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2563):
  Unspecified vulnerability in the Infiniband dissector in Wireshark
  1.0.6 through 1.2.0, when running on unspecified platforms, allows
  remote attackers to cause a denial of service (crash) via unknown
  vectors.

------- Comment #8 From Brent Baude 2009-07-26 13:48:02 0000 -------
ppc64 done

------- Comment #9 From Tiago Cunha 2009-07-31 18:27:37 0000 -------
sparc stable

------- Comment #10 From Raúl Porcel 2009-08-02 10:40:08 0000 -------
ia64 stable

------- Comment #11 From nixnut 2009-08-09 13:40:14 0000 -------
ppc stable

------- Comment #12 From Alex Legler 2009-09-17 08:56:57 0000 -------
GLSA 200909-16
