| Summary: | <net-analyzer/wireshark-{3.6.14, 4.0.6}: Multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | sam |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B3 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 908474, 908475 | | |
| Bug Blocks: | | | |

Description
Sam James
2023-05-25 06:30:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91f6f69cad3d8d5872f0d3b22c4ab49f5e63f0a7

commit 91f6f69cad3d8d5872f0d3b22c4ab49f5e63f0a7
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-05-25 06:35:29 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-25 06:36:07 +0000

    net-analyzer/wireshark: add 4.0.6

    Bug: https://bugs.gentoo.org/907133
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 +
 net-analyzer/wireshark/wireshark-4.0.6.ebuild | 314 ++++++++++++++++++++++++++
 2 files changed, 315 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b6ca39b757ff6400ee802d430459d17a38946ad

commit 9b6ca39b757ff6400ee802d430459d17a38946ad
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-05-25 06:31:02 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-25 06:36:06 +0000

    net-analyzer/wireshark: add 3.6.14

    Bug: https://bugs.gentoo.org/907133
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest                |   1 +
 net-analyzer/wireshark/wireshark-3.6.14.ebuild | 274 +++++++++++++++++++++++++
 2 files changed, 275 insertions(+)

CVE-2023-2952 (https://www.wireshark.org/security/wnpa-sec-2023-20.html): XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

CVE-2023-0667 (https://gitlab.com/wireshark/wireshark/-/issues/19086): Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd1dc29662e09caace78b9d9832e7ddb34195b4b

commit dd1dc29662e09caace78b9d9832e7ddb34195b4b
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-07-14 11:32:08 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-07-14 11:56:33 +0000

    net-analyzer/wireshark: drop 3.6.13, 3.6.14, 4.0.5

    Bug: https://bugs.gentoo.org/907133
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest                |   3 -
 net-analyzer/wireshark/metadata.xml            |   1 -
 net-analyzer/wireshark/wireshark-3.6.13.ebuild | 276 ---------------------
 net-analyzer/wireshark/wireshark-3.6.14.ebuild | 276 ---------------------
 net-analyzer/wireshark/wireshark-4.0.5.ebuild  | 316 -------------------------
 5 files changed, 872 deletions(-)

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e8a30f50018451e44407895ded131a11d1108b4d

commit e8a30f50018451e44407895ded131a11d1108b4d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-17 05:24:05 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-09-17 05:26:26 +0000

    [ GLSA 202309-02 ] Wireshark: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/878421
    Bug: https://bugs.gentoo.org/899548
    Bug: https://bugs.gentoo.org/904248
    Bug: https://bugs.gentoo.org/907133
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202309-02.xml | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)