The following vulnerabilities have been fixed. * [1]wnpa-sec-2015-12 The LBMR dissector could go into an infinite loop. ([2]Bug 11036) [3]CVE-2015-3808 [4]CVE-2015-3809 * [5]wnpa-sec-2015-13 The WebSocket dissector could recurse excessively. ([6]Bug 10989) [7]CVE-2015-3810 * [8]wnpa-sec-2015-14 The WCP dissector could crash while decompressing data. ([9]Bug 10978) [10]CVE-2015-3811 * [11]wnpa-sec-2015-15 The X11 dissector could leak memory. ([12]Bug 11088) [13]CVE-2015-3812 * [14]wnpa-sec-2015-16 The packet reassembly code could leak memory. ([15]Bug 11129) [16]CVE-2015-3813 * [17]wnpa-sec-2015-17 The IEEE 802.11 dissector could go into an infinite loop. ([18]Bug 11110) [19]CVE-2015-3814 * [20]wnpa-sec-2015-18 The Android Logcat file parser could crash. Discovered by Hanno Böck. ([21]Bug 11188) [22]CVE-2015-3815
Arch teams, please test and mark stable: =net-analyzer/wireshark-1.12.5 Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
Stable for PPC64.
Stable for HPPA.
ppc stable
amd64 stable
x86 stable
CVE-2015-3906 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3906): The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of \0 termination, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted message in a packet, a different vulnerability than CVE-2015-3815. CVE-2015-3815 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3815): The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906. CVE-2015-3814 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3814): The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2015-3813 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3813): The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. CVE-2015-3812 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3812): Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. CVE-2015-3811 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3811): epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. CVE-2015-3810 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3810): epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. CVE-2015-3809 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3809): The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2015-3808 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3808): The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
sparc stable
alpha stable
Added to existing glsa draft, lets continue in another bug.
This issue was resolved and addressed in GLSA 201510-03 at https://security.gentoo.org/glsa/201510-03 by GLSA coordinator Kristian Fiskerstrand (K_F).
