Summary: | <net-analyzer/wireshark-1.12.3: Multiple vulnerabilities (CVE-2015-{0559,0560,0561,0562,0563,0564}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | netmon |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.wireshark.org/docs/relnotes/wireshark-1.12.3.html | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 532854 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2015-01-08 15:31:37 UTC
Arch teams, please test and mark stable: =net-analyzer/wireshark-1.12.3 Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86 amd64 stable x86 stable Stable for HPPA. Stable on alpha (including sbc) CVE-2015-0564 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0564): Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. CVE-2015-0563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0563): epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-0562 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0562): Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. CVE-2015-0561 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0561): asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. CVE-2015-0560 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0560): The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-0559 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0559): Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. sparc stable ppc64 stable ppc stable ia64 stable. Maintainer(s), please cleanup. Security, please vote. Maintainer(s), Thank you for you for cleanup. GLSA Vote: No Maintainer(s), please drop the vulnerable version(s). Added to an existing GLSA Request. This issue was resolved and addressed in GLSA 201510-03 at https://security.gentoo.org/glsa/201510-03 by GLSA coordinator Kristian Fiskerstrand (K_F). |