Bug 730414 (CVE-2020-15466) - <net-analyzer/wireshark-3.2.5 - GVCP dissector infinite loop
Summary: <net-analyzer/wireshark-3.2.5 - GVCP dissector infinite loop
Status: RESOLVED FIXED
Alias: CVE-2020-15466
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.wireshark.org/lists/wires...
Whiteboard: B3 [glsa+]
Keywords:
Depends on:
Blocks: CVE-2020-9428, CVE-2020-9429, CVE-2020-9430, CVE-2020-9431 CVE-2020-11647, wnpa-sec-2020-07 CVE-2020-13164, wnpa-sec-2020-08
Reported: 2020-07-01 21:21 UTC by Jeroen Roovers (RETIRED)
Modified: 2020-07-26 23:50 UTC

See Also:
Package list:
=net-analyzer/wireshark-3.2.5
Runtime testing required: ---
nattka: sanity-check+


Description Jeroen Roovers (RETIRED) gentoo-dev 2020-07-01 21:21:08 UTC
The following vulnerabilities have been fixed:

     • wnpa-sec-2020-09[1] GVCP dissector infinite loop. Bug 16029[2].
       CVE-2020-15466[3].



[1] https://www.wireshark.org/security/wnpa-sec-2020-09
[2] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15466
Comment 1 Larry the Git Cow gentoo-dev 2020-07-01 21:21:34 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b4f7a0189a7403613443bb7b514ba9334c2b616

commit 8b4f7a0189a7403613443bb7b514ba9334c2b616
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2020-07-01 21:19:20 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2020-07-01 21:21:31 +0000

    net-analyzer/wireshark: Version 3.2.5
    
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Bug: https://bugs.gentoo.org/730414
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 +
 net-analyzer/wireshark/wireshark-3.2.5.ebuild | 261 ++++++++++++++++++++++++++
 2 files changed, 262 insertions(+)
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2020-07-05 08:59:23 UTC
ppc64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-07-05 13:36:57 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-07-05 13:38:40 UTC
arm stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-07-05 13:45:53 UTC
x86 stable.

Maintainer(s), please clean up.
Comment 6 Larry the Git Cow gentoo-dev 2020-07-05 14:01:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18f8cd496417f7e8f41dfdbf68e9907810e9fb6b

commit 18f8cd496417f7e8f41dfdbf68e9907810e9fb6b
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2020-07-05 14:01:32 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2020-07-05 14:01:46 +0000

    net-analyzer/wireshark: Old
    
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=730414
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 -
 net-analyzer/wireshark/wireshark-3.2.4.ebuild | 261 --------------------------
 2 files changed, 262 deletions(-)
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2020-07-26 23:50:05 UTC
This issue was resolved and addressed in
 GLSA 202007-13 at https://security.gentoo.org/glsa/202007-13
by GLSA coordinator Sam James (sam_c).