Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 634872 (CVE-2017-15191, CVE-2017-15192, CVE-2017-15193)

Summary: <net-analyzer/wireshark-2.4.2: Multiple vulnerabilities
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: alwag, netmon
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=635686
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 629370, 635686    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-20 15:02:55 UTC 
CVE-2017-15193 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15193):
  In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could
  crash or exhaust system memory. This was addressed in
  epan/dissectors/packet-mbim.c by changing the memory-allocation approach.

CVE-2017-15192 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15192):
  In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could
  crash. This was addressed in epan/dissectors/packet-btatt.c by considering a
  case where not all of the BTATT packets have the same encapsulation level.

CVE-2017-15191 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15191):
  In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP
  dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by
  validating a string length.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-20 15:07:05 UTC 
*** Bug 633992 has been marked as a duplicate of this bug. ***
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-03-25 18:47:14 UTC 
2.2.x has been dekeyworded for all arches except alpha.  Cleanup of that version will be tracked in a newer bug.