Summary: | <net-analyzer/wireshark-1.12.5 - multiple vulnerabilities (CVE-2015-{3808,3809,3810,3811,3812,3813,3814,3815,3906}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | netmon |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Jeroen Roovers (RETIRED)
2015-05-14 07:32:42 UTC
Arch teams, please test and mark stable: =net-analyzer/wireshark-1.12.5 Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86 Stable for PPC64. Stable for HPPA. ppc stable amd64 stable x86 stable CVE-2015-3906 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3906): The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of \0 termination, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted message in a packet, a different vulnerability than CVE-2015-3815. CVE-2015-3815 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3815): The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906. CVE-2015-3814 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3814): The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2015-3813 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3813): The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. CVE-2015-3812 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3812): Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. CVE-2015-3811 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3811): epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. CVE-2015-3810 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3810): epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. CVE-2015-3809 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3809): The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2015-3808 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3808): The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. sparc stable alpha stable Added to existing glsa draft, lets continue in another bug. This issue was resolved and addressed in GLSA 201510-03 at https://security.gentoo.org/glsa/201510-03 by GLSA coordinator Kristian Fiskerstrand (K_F). |