Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 824474 (CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929)

Summary: <net-analyzer/wireshark-3.4.10: Multiple vulnerabilities
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: bman, sam, zlogene
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 827866    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-11-18 08:42:31 UTC 
From https://www.wireshark.org/docs/relnotes/wireshark-3.4.10.html: 
```
    wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929.
    wnpa-sec-2021-08 Bluetooth HCI_ISO dissector crash. Issue 17649. CVE-2021-39926.
    wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925.
    wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924.
    wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684.
    wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922.
    wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928.
    wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921.
    wnpa-sec-2021-15 IPPUSB dissector crash. Issue 17705. CVE-2021-39920.
```
Comment 1 Larry the Git Cow gentoo-dev 2021-11-18 08:59:55 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87d6a9904b211382bff874f539e96268369f81ac

commit 87d6a9904b211382bff874f539e96268369f81ac
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-18 08:56:49 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-18 08:59:44 +0000

    net-analyzer/wireshark: add 3.4.10
    
    Now with tests! Restricted known-failing ones.
    
    Bug: https://bugs.gentoo.org/824474
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest                |   1 +
 net-analyzer/wireshark/wireshark-3.4.10.ebuild | 281 +++++++++++++++++++++++++
 net-analyzer/wireshark/wireshark-9999.ebuild   |   5 +-
 3 files changed, 285 insertions(+), 2 deletions(-)
Comment 2 Larry the Git Cow gentoo-dev 2021-12-13 05:17:14 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06eb3e1a2d8234b725d8c8962c235a97cb65e9b1

commit 06eb3e1a2d8234b725d8c8962c235a97cb65e9b1
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-12-13 05:17:04 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-12-13 05:17:04 +0000

    net-analyzer/wireshark: drop 3.4.9
    
    Bug: https://bugs.gentoo.org/824474
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 -
 net-analyzer/wireshark/wireshark-3.4.9.ebuild | 280 --------------------------
 2 files changed, 281 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2022-10-08 20:47:11 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97d0d735c5cd87bd92649af92ac9813441500ad6

commit 97d0d735c5cd87bd92649af92ac9813441500ad6
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-10-08 20:46:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-08 20:46:55 +0000

    net-analyzer/wireshark: drop 3.4.11
    
    Bug: https://bugs.gentoo.org/869140
    Bug: https://bugs.gentoo.org/833294
    Bug: https://bugs.gentoo.org/802216
    Bug: https://bugs.gentoo.org/830343
    Bug: https://bugs.gentoo.org/824474
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest                |   1 -
 net-analyzer/wireshark/wireshark-3.4.11.ebuild | 285 -------------------------
 2 files changed, 286 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5afc42fac6b85a1784ed825e9428c75b6e2e32b0

commit 5afc42fac6b85a1784ed825e9428c75b6e2e32b0
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-10-08 20:46:37 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-08 20:46:37 +0000

    profiles/base: mask libvirt[wireshark-plugins] for older libvirt
    
    Bug: https://bugs.gentoo.org/869140
    Bug: https://bugs.gentoo.org/833294
    Bug: https://bugs.gentoo.org/802216
    Bug: https://bugs.gentoo.org/830343
    Bug: https://bugs.gentoo.org/824474
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/base/package.use.mask | 4 ++++
 1 file changed, 4 insertions(+)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-14 03:28:36 UTC 
GLSA request filed
Comment 5 Larry the Git Cow gentoo-dev 2022-10-16 14:46:13 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e0b5bad8c2504362c0e8f33550615df1018533a8

commit e0b5bad8c2504362c0e8f33550615df1018533a8
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-16 14:40:26 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-16 14:45:23 +0000

    [ GLSA 202210-04 ] Wireshark: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/802216
    Bug: https://bugs.gentoo.org/824474
    Bug: https://bugs.gentoo.org/830343
    Bug: https://bugs.gentoo.org/833294
    Bug: https://bugs.gentoo.org/869140
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-04.xml | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-16 14:55:48 UTC 
GLSA released, all done!