Summary: | <net-analyzer/wireshark-2.6.6 - multiple vulnerabilities (CVE-2019-{5716,5717,5719}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | netmon |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://www.wireshark.org/lists/wireshark-announce/201901/msg00000.html | | |
Whiteboard: | B3 [noglsa cve] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 679004 | | |
Bug Blocks: | | | |
Description
Jeroen Roovers (RETIRED)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38dc7a9478ce7f84b9a3553f44187b493b73d405

commit 38dc7a9478ce7f84b9a3553f44187b493b73d405
Author: Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2019-01-09 12:13:35 +0000
Commit: Jeroen Roovers <jer@gentoo.org>
CommitDate: 2019-01-09 12:13:59 +0000

net-analyzer/wireshark: Version 2.6.6

Package-Manager: Portage-2.3.53, Repoman-2.3.12
Bug: https://bugs.gentoo.org/674980
Signed-off-by: Jeroen Roovers <jer@gentoo.org>

net-analyzer/wireshark/Manifest | 1 +
.../files/wireshark-2.6.6-androiddump-wsutil.patch | 18 ++
net-analyzer/wireshark/wireshark-2.6.6.ebuild | 240 +++++++++++++++++++++
3 files changed, 259 insertions(+)

Jeroen, is version 2.6.6 ready to start stabilization?

It's been ready for stabilisation ever since comment #1 appeared.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df0cadfdacc609f30541c06334508b8f5fcac872

commit df0cadfdacc609f30541c06334508b8f5fcac872
Author: Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2019-02-23 12:54:11 +0000
Commit: Jeroen Roovers <jer@gentoo.org>
CommitDate: 2019-02-23 13:04:13 +0000

net-analyzer/wireshark: Stable for AMD64 HPPA x86 too.

Package-Manager: Portage-2.3.62, Repoman-2.3.12
RepoMan-Options: --ignore-arches
Bug: https://bugs.gentoo.org/show_bug.cgi?id=674980
Signed-off-by: Jeroen Roovers <jer@gentoo.org>

net-analyzer/wireshark/wireshark-2.6.6.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

CVE-2019-5716 Detail

Current Description

In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.

______________________________

CVE-2019-5717 Detail

Current Description

In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.

______________________________

CVE-2019-5718 Detail

Current Description

In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.

______________________________

CVE-2019-5719 Detail

Current Description

In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block.