Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 271062 (CVE-2009-1829)

Summary: <net-analyzer/wireshark-1.0.8: PCNFSD DoS (CVE-2009-1829)
Product: Gentoo Security Reporter: Peter Volkov (RETIRED) <pva>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.wireshark.org/security/wnpa-sec-2009-03.html
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Peter Volkov (RETIRED) gentoo-dev 2009-05-24 14:16:30 UTC
Just coping wireshark security announcement:

http://www.wireshark.org/security/wnpa-sec-2009-03.htm

PCNFSD vulnerability in Wireshark® versions 0.8.20 to 1.0.7

Docid: wnpa-sec-2009-03
Date: May 21, 2009
Versions affected: 0.8.20 up to and including 1.0.7

Description: Wireshark 1.0.8 fixes the following vulnerability:

    * The PCNFSD dissector could crash. Versions affected: 0.8.20 to 1.0.7
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2009-05-24 14:21:17 UTC
arch teams, please, stabilize wireshark-1.0.8.
Comment 2 Markus Meier gentoo-dev 2009-05-24 20:11:14 UTC
amd64/x86 stable
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2009-05-24 21:25:17 UTC
Stable for HPPA.
Comment 4 Brent Baude (RETIRED) gentoo-dev 2009-05-25 16:04:46 UTC
ppc64 done
Comment 5 Brent Baude (RETIRED) gentoo-dev 2009-05-25 16:04:53 UTC
ppc done
Comment 6 Tiago Cunha (RETIRED) gentoo-dev 2009-05-26 11:04:09 UTC
sparc stable
Comment 7 Ra├║l Porcel (RETIRED) gentoo-dev 2009-05-27 15:35:05 UTC
alpha/ia64 stable
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2009-05-27 17:55:42 UTC
No voting on this one, there will be a GLSA together with a bunch of other wireshark stuff.
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2009-05-30 12:20:37 UTC
CVE-2009-1829 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1829):
  Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20
  through 1.0.7 allows remote attackers to cause a denial of service
  (crash) via crafted PCNFSD packets.

Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2009-06-30 18:12:59 UTC
GLSA 200906-05, thanks everyone