Details Description The F5 Ethernet Trailer dissector could go into an infinite loop. Discovered by Jason Cohen. Impact It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 3.6.8, 3.4.16 or later.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ac0fae51f8558ef4d01861ae4b396039e1e9fcd commit 6ac0fae51f8558ef4d01861ae4b396039e1e9fcd Author: Sam James <sam@gentoo.org> AuthorDate: 2022-09-08 04:31:06 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-09-08 04:31:06 +0000 net-analyzer/wireshark: add 3.6.8 Bug: https://bugs.gentoo.org/869140 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/wireshark/Manifest | 1 + net-analyzer/wireshark/wireshark-3.6.8.ebuild | 269 ++++++++++++++++++++++++++ 2 files changed, 270 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3d3daeddc9c5690c9482b49626e8b4bdf20bcfa commit e3d3daeddc9c5690c9482b49626e8b4bdf20bcfa Author: Sam James <sam@gentoo.org> AuthorDate: 2022-10-08 20:43:54 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-10-08 20:43:54 +0000 net-analyzer/wireshark: drop 3.6.3, 3.6.6 Bug: https://bugs.gentoo.org/833294 Bug: https://bugs.gentoo.org/869140 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/wireshark/Manifest | 2 - net-analyzer/wireshark/wireshark-3.6.3.ebuild | 265 ------------------------- net-analyzer/wireshark/wireshark-3.6.6.ebuild | 269 -------------------------- 3 files changed, 536 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97d0d735c5cd87bd92649af92ac9813441500ad6 commit 97d0d735c5cd87bd92649af92ac9813441500ad6 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-10-08 20:46:55 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-10-08 20:46:55 +0000 net-analyzer/wireshark: drop 3.4.11 Bug: https://bugs.gentoo.org/869140 Bug: https://bugs.gentoo.org/833294 Bug: https://bugs.gentoo.org/802216 Bug: https://bugs.gentoo.org/830343 Bug: https://bugs.gentoo.org/824474 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/wireshark/Manifest | 1 - net-analyzer/wireshark/wireshark-3.4.11.ebuild | 285 ------------------------- 2 files changed, 286 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5afc42fac6b85a1784ed825e9428c75b6e2e32b0 commit 5afc42fac6b85a1784ed825e9428c75b6e2e32b0 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-10-08 20:46:37 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-10-08 20:46:37 +0000 profiles/base: mask libvirt[wireshark-plugins] for older libvirt Bug: https://bugs.gentoo.org/869140 Bug: https://bugs.gentoo.org/833294 Bug: https://bugs.gentoo.org/802216 Bug: https://bugs.gentoo.org/830343 Bug: https://bugs.gentoo.org/824474 Signed-off-by: Sam James <sam@gentoo.org> profiles/base/package.use.mask | 4 ++++ 1 file changed, 4 insertions(+)
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=e0b5bad8c2504362c0e8f33550615df1018533a8 commit e0b5bad8c2504362c0e8f33550615df1018533a8 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-16 14:40:26 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 14:45:23 +0000 [ GLSA 202210-04 ] Wireshark: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/802216 Bug: https://bugs.gentoo.org/824474 Bug: https://bugs.gentoo.org/830343 Bug: https://bugs.gentoo.org/833294 Bug: https://bugs.gentoo.org/869140 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-04.xml | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+)
GLSA released, all done!
