Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 661578 (CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369)

Summary: <net-analyzer/wireshark-2.6.2 - multiple vulnerabilities
Product: Gentoo Security Reporter: Jeroen Roovers (RETIRED) <jer>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: netmon
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.wireshark.org/lists/wireshark-announce/201807/msg00001.html
See Also: https://github.com/gentoo/gentoo/pull/9299
Whiteboard: B3 [noglsa cve]
Package list:
=net-analyzer/wireshark-2.6.2 =media-libs/bcg729-1.0.4
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 656806    

Description Jeroen Roovers (RETIRED) gentoo-dev 2018-07-19 12:11:51 UTC
What’s New

  Bug Fixes

   The following vulnerabilities have been fixed:

     • wnpa-sec-2018-34[1]

     • BGP dissector large loop. Bug 13741[2]. CVE-2018-14342[3].

     • wnpa-sec-2018-35[4]

     • ISMP dissector crash. Bug 14672[5]. CVE-2018-14344[6].

     • wnpa-sec-2018-36[7]

     • Multiple dissectors could crash. Bug 14675[8]. CVE-2018-14340[9].

     • wnpa-sec-2018-37[10]

     • ASN.1 BER dissector crash. Bug 14682[11]. CVE-2018-14343[12].

     • wnpa-sec-2018-38[13]

     • MMSE dissector infinite loop. Bug 14738[14]. CVE-2018-14339[15].

     • wnpa-sec-2018-39[16]

     • DICOM dissector crash. Bug 14742[17]. CVE-2018-14341[18].

     • wnpa-sec-2018-40[19]

     • Bazaar dissector infinite loop. Bug 14841[20].
       CVE-2018-14368[21].

     • wnpa-sec-2018-41[22]

     • HTTP2 dissector crash. Bug 14869[23]. CVE-2018-14369[24].

     • wnpa-sec-2018-42[25]

     • CoAP dissector crash. Bug 14966[26]. CVE-2018-14367[27].
Comment 1 Stabilization helper bot gentoo-dev 2018-07-19 13:00:25 UTC
An automated check of this bug failed - repoman reported dependency errors (86 lines truncated): 

> dependency.bad net-analyzer/wireshark/wireshark-2.6.2.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['media-libs/bcg729']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.2.ebuild: RDEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['media-libs/bcg729']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.2.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['media-libs/bcg729']
Comment 2 Larry the Git Cow gentoo-dev 2018-07-20 08:08:01 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0444a2b5f78fc78a5b5e83866f3ae83e1f959c34

commit 0444a2b5f78fc78a5b5e83866f3ae83e1f959c34
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-20 08:02:21 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-20 08:07:33 +0000

    net-analyzer/wireshark: stable 2.6.2 for ia64, bug #661578
    
    Bug: https://bugs.gentoo.org/661578
    Package-Manager: Portage-2.3.43, Repoman-2.3.10
    RepoMan-Options: --include-arches="ia64"

 net-analyzer/wireshark/wireshark-2.6.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2018-07-21 10:16:58 UTC
commit 12242311037352a91e1d8cdea4f9b3b9ad6ea1e9
Author: Jeroen Roovers <jer@gentoo.org>
Date:   Fri Jul 20 09:07:26 2018 +0200

    net-analyzer/wireshark: Stable for AMD64 x86 too.
Comment 4 Tobias Klausmann (RETIRED) gentoo-dev 2018-07-23 13:10:25 UTC
Stable on alpha.
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-07-23 21:50:08 UTC
arm stable
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2018-07-26 09:16:39 UTC
CVE-2018-14370 (https://nvd.nist.gov/vuln/detail/CVE-2018-14370):
  In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol
  dissector could crash. This was addressed in epan/crypt/airpdcap.c via
  bounds checking that prevents a buffer over-read.

CVE-2018-14369 (https://nvd.nist.gov/vuln/detail/CVE-2018-14369):
  In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2
  dissector could crash. This was addressed in epan/dissectors/packet-http2.c
  by verifying that header data was found before proceeding to header
  decompression.

CVE-2018-14368 (https://nvd.nist.gov/vuln/detail/CVE-2018-14368):
  In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar
  protocol dissector could go into an infinite loop. This was addressed in
  epan/dissectors/packet-bzr.c by properly handling items that are too long.

CVE-2018-14367 (https://nvd.nist.gov/vuln/detail/CVE-2018-14367):
  In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector
  could crash. This was addressed in epan/dissectors/packet-coap.c by properly
  checking for a NULL condition.

CVE-2018-14344 (https://nvd.nist.gov/vuln/detail/CVE-2018-14344):
  In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP
  dissector could crash. This was addressed in epan/dissectors/packet-ismp.c
  by validating the IPX address length to avoid a buffer over-read.

CVE-2018-14343 (https://nvd.nist.gov/vuln/detail/CVE-2018-14343):
  In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1
  BER dissector could crash. This was addressed in
  epan/dissectors/packet-ber.c by ensuring that length values do not exceed
  the maximum signed integer.

CVE-2018-14342 (https://nvd.nist.gov/vuln/detail/CVE-2018-14342):
  In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP
  protocol dissector could go into a large loop. This was addressed in
  epan/dissectors/packet-bgp.c by validating Path Attribute lengths.

CVE-2018-14341 (https://nvd.nist.gov/vuln/detail/CVE-2018-14341):
  In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM
  dissector could go into a large or infinite loop. This was addressed in
  epan/dissectors/packet-dcm.c by preventing an offset overflow.

CVE-2018-14340 (https://nvd.nist.gov/vuln/detail/CVE-2018-14340):
  In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors
  that support zlib decompression could crash. This was addressed in
  epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer
  over-read.

CVE-2018-14339 (https://nvd.nist.gov/vuln/detail/CVE-2018-14339):
  In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE
  dissector could go into an infinite loop. This was addressed in epan/proto.c
  by adding offset and length validation.
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-08-11 19:05:34 UTC
ppc64 stable
Comment 8 Matt Turner gentoo-dev 2018-09-16 19:31:18 UTC
ppc keywords dropped
Comment 9 Yury German Gentoo Infrastructure gentoo-dev 2019-03-11 06:18:09 UTC
Version no longer in tree

GLSA Vote: No

Thank you all for you work. 
Closing as [noglsa].
Comment 10 Aaron Bauman (RETIRED) gentoo-dev 2019-03-11 06:32:58 UTC
tree is clean