| Summary: | <net-analyzer/wireshark-1.8.3 - multiple vulnerabilities (CVE-2012-{5237,5238,5240}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | netmon, pva, zerochaos |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 437032 | | |
| Bug Blocks: | | | |

Description
Jeroen Roovers (RETIRED)
2012-10-02 23:43:13 UTC
Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.8.3
Stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86

Please take note of bug #437032 while testing.

stable ppc ppc64

amd64 stable

Stable for HPPA.

alpha/ia64/sparc stable

Hm, why isn't x86 here?

Stable for x86.

CVE-2012-5240 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5240): Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet.

CVE-2012-5238 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5238): epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet.

CVE-2012-5237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5237): The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

Thanks, everyone. GLSA vote: no.

Thanks, folks. GLSA Vote: no too.

Closing noglsa.