| Summary: | net-analyzer/wireshark <1.0.1 DoS issues CVE-2008-{3137,3138,3139,3140,3141} | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | 7v5w7go9ub0o <7v5w7go9ub0o> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | netmon |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.wireshark.org/security/wnpa-sec-2008-03.html | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
7v5w7go9ub0o
2008-07-01 23:23:17 UTC
New version is in the tree.

Arch teams, please, stabilize. Target keywords: wireshark-1.0.1: alpha amd64 hppa ia64 ppc ppc64 sparc x86

alpha/ia64/sparc/x86 stable

Stable for HPPA.

ppc stable

ppc64 done

dodoc: READMEbsd does not exist
dodoc: READMElinux does not exist
dodoc: READMEmacos does not exist
dodoc: READMEvmware does not exist

amd64 stable, all arches done.

GLSA vote here... same as 215276, DoS but we already issued GLSAs for this... so voting YES.

CVE-2008-3137: The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

CVE-2008-3138: The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.

CVE-2008-3139: The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.

CVE-2008-3140: The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."

CVE-2008-3141: Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.

YES too, filing request.

GLSA 200808-04