Bug 183520 - net-analyzer/wireshark < 0.99.6 multiple vulnerabilities (CVE-2007-3389, 3390, 3391, 3392, 3393)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.wireshark.org/docs/relnote...
Whiteboard: B? [glsa]
Duplicates: 183521
Reported: 2007-06-28 13:21 UTC by Tony Vroon
Modified: 2011-10-30 22:38 UTC
Description Tony Vroon gentoo-dev 2007-06-28 13:21:13 UTC
Wireshark could crash when dissecting an HTTP chunked response. (Bug 1394)
Versions affected: 0.99.5

On some systems, Wireshark could crash while reading iSeries capture files. (Bug 1415)
Versions affected: 0.10.14 to 0.99.5

Wireshark could exhaust system memory while reading a malformed DCP ETSI packet. (Bug 1264)
Versions affected: 0.99.5

Wireshark could loop excessively while reading a malformed SSL packet. (Bug 1582)
Versions affected: ?

The DHCP/BOOTP dissector was susceptible to an off-by-one error. (Bug 1416)
Versions affected: ?

Wireshark could loop excessively while reading a malformed MMS packet. (Bug 1382)
Versions affected: ?
Comment 1 Carsten Lohrke (RETIRED) gentoo-dev 2007-06-28 13:36:32 UTC
*** Bug 183521 has been marked as a duplicate of this bug. ***
Comment 2 Carsten Lohrke (RETIRED) gentoo-dev 2007-06-28 14:45:03 UTC
no reason to restrict this bug
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-29 21:11:36 UTC
netmon please advise and patch as necessary.
Comment 4 Markus Ullmann (RETIRED) gentoo-dev 2007-07-06 16:11:39 UTC
Bumped in CVS though I'd be happy for another pair of eyes first if all security issues are really fixed...
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-15 07:46:36 UTC
Seems like mostly minor issues. Anyways.

Arches please test and mark stable. Target keywords are:

wireshark-0.99.6.ebuild:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2007-07-15 16:48:58 UTC
pva has the patch for the --as-needed failure...so we could wait until he adds it...
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-15 18:08:06 UTC
Back to ebuild awaiting patch.
Comment 8 Samuli Suominen (RETIRED) gentoo-dev 2007-07-15 20:27:38 UTC
(In reply to comment #7)
> Back to ebuild awaiting patch.
> 

I've just fixed the issue with asneeded so it should be ok to proceed.
Comment 9 Gustavo Zacarias (RETIRED) gentoo-dev 2007-07-16 15:34:12 UTC
sparc stable.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2007-07-16 16:45:19 UTC
alpha/ia64/x86 stable
Comment 11 Marcus D. Hanwell (RETIRED) gentoo-dev 2007-07-16 18:57:01 UTC
Stable on amd64.
Comment 12 Markus Rothe (RETIRED) gentoo-dev 2007-07-16 18:59:05 UTC
ppc64 stable
Comment 13 Jeroen Roovers (RETIRED) gentoo-dev 2007-07-16 22:38:31 UTC
Stable for HPPA.
Comment 14 Tobias Scherbaum (RETIRED) gentoo-dev 2007-07-20 18:31:40 UTC
ppc stable - time for glsa voting
Comment 15 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-20 20:57:29 UTC
although it's mainly minor issues like Jaervosz pointed out, there's still the off-by-one error, which means possible remote code execution, so I vote YES.
Comment 16 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-22 07:33:26 UTC
I tend to vote YES.
Comment 17 Matt Drew (RETIRED) gentoo-dev 2007-07-24 10:55:44 UTC
Two yes votes = glsa request.

CVE-2007-3389
CVE-2007-3390
CVE-2007-3391
CVE-2007-3392
CVE-2007-3393

Comment 18 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-08-16 22:06:11 UTC
GLSA 200708-12!