Summary: | <net-analyzer/wireshark-2.6.2 - multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | netmon |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.wireshark.org/lists/wireshark-announce/201807/msg00001.html | ||
See Also: | https://github.com/gentoo/gentoo/pull/9299 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | =net-analyzer/wireshark-2.6.2 =media-libs/bcg729-1.0.4 | ||
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 656806 |
Description
Jeroen Roovers (RETIRED)
2018-07-19 12:11:51 UTC
An automated check of this bug failed - repoman reported dependency errors (86 lines truncated):
> dependency.bad net-analyzer/wireshark/wireshark-2.6.2.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['media-libs/bcg729']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.2.ebuild: RDEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['media-libs/bcg729']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.2.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['media-libs/bcg729']
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0444a2b5f78fc78a5b5e83866f3ae83e1f959c34

commit 0444a2b5f78fc78a5b5e83866f3ae83e1f959c34
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-20 08:02:21 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-20 08:07:33 +0000

net-analyzer/wireshark: stable 2.6.2 for ia64, bug #661578

Bug: https://bugs.gentoo.org/661578
Package-Manager: Portage-2.3.43, Repoman-2.3.10
RepoMan-Options: --include-arches="ia64"

net-analyzer/wireshark/wireshark-2.6.2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

commit 12242311037352a91e1d8cdea4f9b3b9ad6ea1e9
Author: Jeroen Roovers <jer@gentoo.org>
Date: Fri Jul 20 09:07:26 2018 +0200

net-analyzer/wireshark: Stable for AMD64 x86 too.

Stable on alpha.

arm stable

CVE-2018-14370 (https://nvd.nist.gov/vuln/detail/CVE-2018-14370): In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.

CVE-2018-14369 (https://nvd.nist.gov/vuln/detail/CVE-2018-14369): In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.

CVE-2018-14368 (https://nvd.nist.gov/vuln/detail/CVE-2018-14368): In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.

CVE-2018-14367 (https://nvd.nist.gov/vuln/detail/CVE-2018-14367): In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.

CVE-2018-14344 (https://nvd.nist.gov/vuln/detail/CVE-2018-14344): In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.

CVE-2018-14343 (https://nvd.nist.gov/vuln/detail/CVE-2018-14343): In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.

CVE-2018-14342 (https://nvd.nist.gov/vuln/detail/CVE-2018-14342): In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.

CVE-2018-14341 (https://nvd.nist.gov/vuln/detail/CVE-2018-14341): In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.

CVE-2018-14340 (https://nvd.nist.gov/vuln/detail/CVE-2018-14340): In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.

CVE-2018-14339 (https://nvd.nist.gov/vuln/detail/CVE-2018-14339): In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.

ppc64 stable

ppc keywords dropped

Version no longer in tree

GLSA Vote: No

Thank you all for your work. Closing as [noglsa].

tree is clean