http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
No word on an 1.10.1 yet, though the release notes say that 1.10.0 is vulnerable too.
Arch teams, please test and mark stable: =net-analyzer/wireshark-1.6.16 =net-analyzer/wireshark-1.8.8 Stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
alpha stable
ia64 stable
ppc stable
ppc64 stable
sparc stable
x86 stable
amd64 stable
Stable for HPPA.
CVE-2013-4082 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4082): The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. CVE-2013-4081 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4081): The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. CVE-2013-4080 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4080): The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. CVE-2013-4079 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4079): The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. CVE-2013-4078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4078): epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-4077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4077): Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. CVE-2013-4076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4076): Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-4075 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4075): epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-4074 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4074): The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Thanks for your work, added to existing GLSA draft
This issue was resolved and addressed in GLSA 201308-05 at http://security.gentoo.org/glsa/glsa-201308-05.xml by GLSA coordinator Sergey Popov (pinkbyte).
