824474 – (CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929) <net-analyzer/wireshark-3.4.10: Multiple vulnerabilities

Bug 824474 (CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929) - <net-analyzer/wireshark-3.4.10: Multiple vulnerabilities

Summary: <net-analyzer/wireshark-3.4.10: Multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa+]
Keywords:

Depends on:	827866
Blocks:
	Show dependency tree

Reported:	2021-11-18 08:42 UTC by Sam James
Modified:	2022-10-16 14:55 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2021-11-18 08:42:31 UTC

From https://www.wireshark.org/docs/relnotes/wireshark-3.4.10.html: 
```
    wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929.
    wnpa-sec-2021-08 Bluetooth HCI_ISO dissector crash. Issue 17649. CVE-2021-39926.
    wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925.
    wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924.
    wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684.
    wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922.
    wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928.
    wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921.
    wnpa-sec-2021-15 IPPUSB dissector crash. Issue 17705. CVE-2021-39920.
```

Comment 1 Larry the Git Cow gentoo-dev

2021-11-18 08:59:55 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87d6a9904b211382bff874f539e96268369f81ac

commit 87d6a9904b211382bff874f539e96268369f81ac
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-18 08:56:49 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-18 08:59:44 +0000

    net-analyzer/wireshark: add 3.4.10
    
    Now with tests! Restricted known-failing ones.
    
    Bug: https://bugs.gentoo.org/824474
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest                |   1 +
 net-analyzer/wireshark/wireshark-3.4.10.ebuild | 281 +++++++++++++++++++++++++
 net-analyzer/wireshark/wireshark-9999.ebuild   |   5 +-
 3 files changed, 285 insertions(+), 2 deletions(-)

Comment 2 Larry the Git Cow gentoo-dev

2021-12-13 05:17:14 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06eb3e1a2d8234b725d8c8962c235a97cb65e9b1

commit 06eb3e1a2d8234b725d8c8962c235a97cb65e9b1
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-12-13 05:17:04 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-12-13 05:17:04 +0000

    net-analyzer/wireshark: drop 3.4.9
    
    Bug: https://bugs.gentoo.org/824474
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 -
 net-analyzer/wireshark/wireshark-3.4.9.ebuild | 280 --------------------------
 2 files changed, 281 deletions(-)

Comment 3 Larry the Git Cow gentoo-dev

2022-10-08 20:47:11 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97d0d735c5cd87bd92649af92ac9813441500ad6

commit 97d0d735c5cd87bd92649af92ac9813441500ad6
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-10-08 20:46:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-08 20:46:55 +0000

    net-analyzer/wireshark: drop 3.4.11
    
    Bug: https://bugs.gentoo.org/869140
    Bug: https://bugs.gentoo.org/833294
    Bug: https://bugs.gentoo.org/802216
    Bug: https://bugs.gentoo.org/830343
    Bug: https://bugs.gentoo.org/824474
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest                |   1 -
 net-analyzer/wireshark/wireshark-3.4.11.ebuild | 285 -------------------------
 2 files changed, 286 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5afc42fac6b85a1784ed825e9428c75b6e2e32b0

commit 5afc42fac6b85a1784ed825e9428c75b6e2e32b0
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-10-08 20:46:37 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-08 20:46:37 +0000

    profiles/base: mask libvirt[wireshark-plugins] for older libvirt
    
    Bug: https://bugs.gentoo.org/869140
    Bug: https://bugs.gentoo.org/833294
    Bug: https://bugs.gentoo.org/802216
    Bug: https://bugs.gentoo.org/830343
    Bug: https://bugs.gentoo.org/824474
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/base/package.use.mask | 4 ++++
 1 file changed, 4 insertions(+)

Comment 4 John Helmert III archtester

2022-10-14 03:28:36 UTC

GLSA request filed

Comment 5 Larry the Git Cow gentoo-dev

2022-10-16 14:46:13 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e0b5bad8c2504362c0e8f33550615df1018533a8

commit e0b5bad8c2504362c0e8f33550615df1018533a8
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-16 14:40:26 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-16 14:45:23 +0000

    [ GLSA 202210-04 ] Wireshark: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/802216
    Bug: https://bugs.gentoo.org/824474
    Bug: https://bugs.gentoo.org/830343
    Bug: https://bugs.gentoo.org/833294
    Bug: https://bugs.gentoo.org/869140
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-04.xml | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

Comment 6 John Helmert III archtester

2022-10-16 14:55:48 UTC

GLSA released, all done!