Wireshark 1.0.9 fixes the following vulnerabilities: (http://www.wireshark.org/security/wnpa-sec-2009-05.html)
* The AFS dissector could crash.
* The Infiniband dissector could crash on some platforms. (c.f. bug 278564)
* The OpcUa dissector could use excessive CPU and memory.
Wireshark 1.2.2 fixes the following vulnerabilities: (http://www.wireshark.org/security/wnpa-sec-2009-06.html)
* The GSM A RR dissector could crash.
* The OpcUa dissector could use excessive CPU and memory.
* The TLS dissector could crash on some platforms. (Bug report states "Windows XP", not sure if this affects us)
CVE-2009-3241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3241): Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
CVE-2009-3242 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3242): Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.
CVE-2009-3243 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3243): Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.
it's time to bump the new version in portage
1.0.8 dropped from the tree. 1.2.2 bumped. Arch teams, please, stabilize wireshark-1.2.2.
amd64 stable
x86 stable
Stable on alpha.
Stable for HPPA.
ia64/sparc stable
ppc64 done
ppc stable. Bug ready to be fixed by security team.
CVE-2009-3829 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3829): Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
Rerating, GLSA request filed.
GLSA 200911-05