| Summary: | <net-analyzer/wireshark-1.10.7 - RTP dissector crash (CVE-2014-2907) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | netmon |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.wireshark.org/security/wnpa-sec-2014-06.html | ||
| See Also: | https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885 | ||
| Whiteboard: | B3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
Arch teams, please test and mark stable: =net-analyzer/wireshark-1.10.7 Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86 Stable for HPPA. amd64 stable x86 stable CVE-2014-2907 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2907): The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. ppc stable ppc64 stable ia64 stable sparc stable alpha stable. Maintainer(s), please cleanup. Security, please vote. Arches and Mainter(s), Thank you for your work. Added to an existing GLSA request. This issue was resolved and addressed in GLSA 201406-33 at http://security.gentoo.org/glsa/glsa-201406-33.xml by GLSA coordinator Mikle Kolyada (Zlogene). |
* [1]wnpa-sec-2014-06 The RTP dissector could crash. ([2]Bug 9885) Versions affected: 1.10.0 to 1.10.6 [3]CVE-2014-2907