Bug 682918 (CVE-2019-10894, CVE-2019-10895, CVE-2019-10896, CVE-2019-10897, CVE-2019-10898, CVE-2019-10899, CVE-2019-10900, CVE-2019-10901, CVE-2019-10902, CVE-2019-10903)

Summary: <net-analyzer/wireshark-3.0.1 - multiple vulnerabilities
Product: Gentoo Security
Reporter: Jeroen Roovers (RETIRED) <jer>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: netmon
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
URL: https://www.wireshark.org/lists/wireshark-announce/201904/msg00000.html
Whiteboard: B3 [noglsa stable]
Package list:
=net-analyzer/wireshark-3.0.1
Runtime testing required: ---

Description Jeroen Roovers (RETIRED) gentoo-dev 2019-04-09 06:17:10 UTC
Bug Fixes

   The following vulnerabilities have been fixed:

     • wnpa-sec-2019-09[1] NetScaler file parser crash. Bug 15497[2].
       CVE-2019-10895[3].

     • wnpa-sec-2019-10[4] SRVLOC dissector crash. Bug 15546[5].
       CVE-2019-10899[6].

     • wnpa-sec-2019-11[7] IEEE 802.11 dissector infinite loop. Bug
       15553[8]. CVE-2019-10897[9].

     • wnpa-sec-2019-12[10] GSUP dissector infinite loop. Bug 15585[11].
       CVE-2019-10898[12].

     • wnpa-sec-2019-13[13] Rbm dissector infinite loop. Bug 15612[14].
       CVE-2019-10900[15].

     • wnpa-sec-2019-14[16] GSS-API dissector crash. Bug 15613[17].
       CVE-2019-10894[18].

     • wnpa-sec-2019-15[19] DOF dissector crash. Bug 15617[20].
       CVE-2019-10896[21].

     • wnpa-sec-2019-16[22] TSDNS dissector crash. Bug 15619[23].
       CVE-2019-10902[24].

     • wnpa-sec-2019-17[25] LDSS dissector crash. Bug 15620[26].
       CVE-2019-10901[27].

     • wnpa-sec-2019-18[28] DCERPC SPOOLSS dissector crash. Bug
       15568[29]. CVE-2019-10903[30].
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2019-04-09 06:19:45 UTC
CVE-2019-10898, CVE-2019-10900, CVE-2019-10894, CVE-2019-10896, CVE-2019-10902, CVE-2019-10901, CVE-2019-10903
Comment 2 Larry the Git Cow gentoo-dev 2019-04-09 06:24:38 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9afa87f4866173df8d24bd9cb99b42207bb21cdc

commit 9afa87f4866173df8d24bd9cb99b42207bb21cdc
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2019-04-09 06:24:10 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2019-04-09 06:24:34 +0000

    net-analyzer/wireshark: Version 3.0.1
    
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Bug: https://bugs.gentoo.org/682918
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 +
 net-analyzer/wireshark/wireshark-3.0.1.ebuild | 246 ++++++++++++++++++++++++++
 2 files changed, 247 insertions(+)
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2019-04-09 19:38:22 UTC
Stable? You need to ask?
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2019-04-09 19:46:29 UTC
(In reply to Jeroen Roovers from comment #3)
> Stable? You need to ask?

That's the way it works... maintainers sometimes get mad if we call it for them...

@arches, please stabilize.
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-09 21:01:49 UTC
amd64 stable
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2019-04-10 17:06:10 UTC
x86 stable
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-17 11:45:31 UTC
arm stable
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-20 17:52:32 UTC
alpha stable
Comment 9 Agostino Sarubbo gentoo-dev 2019-06-04 13:17:38 UTC
ppc64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2019-08-23 16:34:55 UTC
ia64 stable
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2019-08-29 00:25:10 UTC
tree is clean