Summary: | net-analyzer/wireshark < 1.0.4 multiple DoS vulnerabilities (CVE-2008-{4680,4681,4682,4683,4684,4685}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Peter Volkov (RETIRED) <pva> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.wireshark.org/security/wnpa-sec-2008-06.html | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Peter Volkov (RETIRED)
2008-10-21 05:57:26 UTC
As we know, the security team is rather busy at the present time. Let's leave the GLSA vote to them, but get the stabilisation effort underway now. There are 4 individual DoS vulnerabilities described in the bug reports, and upstream recognises them as security vulnerabilities. Target KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd" Arch teams, let's get this show on the road. AMD64 Arch Tester Report Compile/Install: OK USE Flags: All tested except gcrypt ipv6 portaudio and profile Functionality: OK Seems OK to stabilize. chadgentoo / # emerge --info Portage 2.1.4.5 (default/linux/amd64/2008.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.26-gentoo-r1 x86_64) ================================================================= System uname: 2.6.26-gentoo-r1 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ Timestamp of tree: Tue, 21 Oct 2008 12:07:01 +0000 app-shells/bash: 3.2_p33 dev-lang/python: 2.4.4-r13, 2.5.2-r6 dev-python/pycrypto: 2.0.1-r6 dev-util/cmake: 2.4.6-r1 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r2 sys-devel/automake: 1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.23-r3 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -msse3 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=k8 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test unmerge-orphans user-sandbox userfetch userpriv" GENTOO_MIRRORS="http://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://www.gtlib.gatech.edu/pub/gentoo ftp://mirror.iawnet.sandia.gov/pub/gentoo/ ftp://ftp.ussg.iu.edu/pub/linux/gentoo http://cudlug.cudenver.edu/gentoo/ http://gentoo.mirrors.pair.com/ http://open-systems.ufl.edu/mirrors/gentoo http://mirror.datapipe.net/gentoo http://prometheus.cs.wmich.edu/gentoo http://mirror.mcs.anl.gov/pub/gentoo/ http://gentoo.mirrors.easynews.com/linux/gentoo/ http://gentoo.cites.uiuc.edu/pub/gentoo/ http://mirror.fslutd.org/linux/distributions/gentoo/ http://gentoo.chem.wisc.edu/gentoo/ http://lug.mtu.edu/gentoo/" LANG="en_US.utf-8" LDFLAGS="-Wl,-O1" LINGUAS="en" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X acl acpi alsa amd64 berkdb bluetooth branding bzip2 cairo cdr cli cracklib crypt cups dbus dri dvd dvdr dvdread eds emboss encode esd evo fam firefox fortran gdbm gif gnome gnutls gpm gstreamer gtk hal iconv imagemagick isdnlog jpeg kde kerberos ldap libnotify mad midi mikmod mmx mp3 mpeg mudflap multilib ncurses nls nptl nptlonly ogg opengl openmp pam pcre pdf perl png ppds pppd python qt3 qt3support qt4 quicktime readline reflection sdl session spell spl sse sse2 ssl startup-notification svg sysfs tcpd threads tiff truetype unicode usb vorbis xml xorg xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev mouse keyboard joystick" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="nvidia" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY Thanks Chad, amd64 stable. Sparc stable, appears to work correctly. ppc64 stable alpha/ia64/x86 stable hppa stable http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685 ppc stable, sorry for that ... ahem ... "delay" *cough* Ready for vote, I vote YES. Yes, too. Request filed. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4680 was missing somehow. GLSA 200906-05, thanks everyone |