Bug 230411 - net-analyzer/wireshark <1.0.1 DoS issues CVE-2008-{3137,3138,3139,3140,3141}
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.wireshark.org/security/wnp...
Whiteboard: B3 [glsa]
Reported: 2008-07-01 23:23 UTC by 7v5w7go9ub0o
Modified: 2008-08-06 00:47 UTC
Description 7v5w7go9ub0o 2008-07-01 23:23:17 UTC
http://www.wireshark.org/

Several security-related vulnerabilities have been fixed. 

Reproducible: Always
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2008-07-03 09:53:21 UTC
New version is in the tree. Arch teams, please, stabilize.

Target keywords:
wireshark-1.0.1: alpha amd64 hppa ia64 ppc ppc64 sparc x86
Comment 2 Raúl Porcel (RETIRED) gentoo-dev 2008-07-03 20:23:38 UTC
alpha/ia64/sparc/x86 stable
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2008-07-04 00:04:01 UTC
Stable for HPPA.
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2008-07-05 14:26:54 UTC
ppc stable
Comment 5 Brent Baude (RETIRED) gentoo-dev 2008-07-05 14:32:16 UTC
ppc64 done
Comment 6 Markus Meier gentoo-dev 2008-07-05 16:06:09 UTC
dodoc: READMEbsd does not exist
dodoc: READMElinux does not exist
dodoc: READMEmacos does not exist
dodoc: READMEvmware does not exist

amd64 stable, all arches done.
Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-07-06 17:53:42 UTC
GLSA vote here... same as 215276, DoS but we already issued GLSAs for this... so voting YES.
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2008-07-11 17:24:48 UTC
CVE-2008-3137:
         The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through
         1.0.0 allows remote attackers to cause a denial of service
         (application crash) via unknown vectors.
CVE-2008-3138:
         The (1) PANA and (2) KISMET dissectors in Wireshark (formerly
         Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a
         denial of service (application stop) via unknown vectors.
CVE-2008-3139:
         The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through
         1.0.0 allows remote attackers to cause a denial of service (crash) via
         unknown vectors.  NOTE: this might be due to a use-after-free error.
CVE-2008-3140:
         The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows
         remote attackers to cause a denial of service (application crash) via
         unknown vectors, possibly related to an "incomplete SS7 MSU syslog
         encapsulated packet."
CVE-2008-3141:
         Unspecified vulnerability in the RMI dissector in Wireshark (formerly
         Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system
         memory via unspecified vectors.
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2008-07-15 10:39:48 UTC
YES too, filing request.
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2008-08-06 00:47:00 UTC
GLSA 200808-04