Bug 478694 - <net-analyzer/wireshark-{1.8.9,1.10.1} : multiple vulnerabilities (CVE-2013-{4083,4920,4921,4922,4923,4924,4925,4926,4927,4928,4929,4930,4931,4932,4933,4934,4935,4936})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://secunia.com/advisories/54296/
Whiteboard: B3 [glsa]
Reported: 2013-07-29 21:02 UTC by Agostino Sarubbo
Modified: 2013-08-28 11:43 UTC


Description Agostino Sarubbo gentoo-dev 2013-07-29 21:02:37 UTC
From ${URL} :

Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious 
people to cause a DoS (Denial of Service).

1) An error exists in the DCP ETSI dissector.

For more information:
SA53762 (#10)

2) An error in the P1 dissector can be exploited to cause a crash.

3) An error in the Radiotap dissector can be exploited to cause a crash.

4) Some errors in the DCOM ISystemActivator dissector can be exploited to cause crashes.

5) An error in the Bluetooth SDP dissector can be exploited to trigger a large loop and consume CPU 
resources.

6) An error in the Bluetooth OBEX dissector can be exploited to trigger an infinite loop and 
consume excessive CPU resources.

7) An error in the DIS dissector can be exploited to trigger a large loop and consume CPU 
resources.

8) An error in the DVB-CI dissector can be exploited to cause a crash.

9) Some errors in the GSM dissectors including the GSM RR dissector can be exploited to trigger a 
large loop and consume CPU resources.

10) An error in the GSM A Common dissector can be exploited to cause a crash.

11) Some errors in the Netmon file parser can be exploited to cause crashes.

12) An error in the ASN.1 PER dissector can be exploited to cause a crash.

The vulnerabilities #5, #7, #8, #9, #10, #11, and #12 are reported in versions 1.10.0 and 1.8.0 
through 1.8.8.

13) An error in the PROFINET Real-Time dissector can be exploited to cause a crash.

The vulnerabilities #1, #2 through #4, #6, and #13 are reported in version 1.10.0.


Solution:
Update to version 1.10.1, 1.8.9, or later.

Provided and/or discovered by:
1, 6-10, 13) Reported by the vendor.
2-5) The vendor credits Laurent Butti.
11) The vendor credits G. Geshev.
12) The vendor credits Oliver-Tobias Ripka.

Original Advisory:
http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html
http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2013-07-30 14:22:39 UTC
Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.8.9
=net-analyzer/wireshark-1.10.1
Stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2013-07-30 14:24:48 UTC
1.6.16 is EOL and is gone. Why was it included here?
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2013-07-30 22:27:46 UTC
Stable for HPPA.
Comment 4 Agostino Sarubbo gentoo-dev 2013-08-01 12:59:53 UTC
alpha stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-08-01 13:00:22 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-08-01 13:00:48 UTC
ia64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-08-01 13:01:16 UTC
ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-08-01 13:01:47 UTC
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-08-01 13:02:13 UTC
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-08-01 13:02:41 UTC
x86 stable
Comment 11 Sergey Popov gentoo-dev 2013-08-24 08:34:32 UTC
GLSA vote: yes
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2013-08-27 02:52:13 UTC
CVE-2013-4936 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4936):
  The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET
  Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC
  addresses, which allows remote attackers to cause a denial of service (NULL
  pointer dereference and application crash) via a crafted packet.

CVE-2013-4935 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4935):
  The dissect_per_length_determinant function in epan/dissectors/packet-per.c
  in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before
  1.10.1 does not initialize a length field in certain abnormal situations,
  which allows remote attackers to cause a denial of service (application
  crash) via a crafted packet.

CVE-2013-4934 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4934):
  The netmon_open function in wiretap/netmon.c in the Netmon file parser in
  Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize
  certain structure members, which allows remote attackers to cause a denial
  of service (application crash) via a crafted packet-trace file.

CVE-2013-4933 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4933):
  The netmon_open function in wiretap/netmon.c in the Netmon file parser in
  Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly
  allocate memory, which allows remote attackers to cause a denial of service
  (application crash) via a crafted packet-trace file.

CVE-2013-4932 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4932):
  Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the
  GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before
  1.10.1 allow remote attackers to cause a denial of service (application
  crash) via a crafted packet.

CVE-2013-4931 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4931):
  epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows
  remote attackers to cause a denial of service (loop) via a crafted packet
  that is not properly handled by the GSM RR dissector.

CVE-2013-4930 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4930):
  The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the
  DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1
  does not validate a certain length value before decrementing it, which
  allows remote attackers to cause a denial of service (assertion failure and
  application exit) via a crafted packet.

CVE-2013-4929 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4929):
  The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS
  dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not
  terminate packet-data processing after finding zero remaining bytes, which
  allows remote attackers to cause a denial of service (loop) via a crafted
  packet.

CVE-2013-4928 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4928):
  Integer signedness error in the dissect_headers function in
  epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark
  1.10.x before 1.10.1 allows remote attackers to cause a denial of service
  (infinite loop) via a crafted packet.

CVE-2013-4927 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4927):
  Integer signedness error in the get_type_length function in
  epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark
  1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause
  a denial of service (loop and CPU consumption) via a crafted packet.

CVE-2013-4926 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4926):
  epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector
  in Wireshark 1.10.x before 1.10.1 does not properly determine whether there
  is remaining packet data to process, which allows remote attackers to cause
  a denial of service (application crash) via a crafted packet.

CVE-2013-4925 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4925):
  Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM
  ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote
  attackers to cause a denial of service (assertion failure and daemon exit)
  via a crafted packet.

CVE-2013-4924 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4924):
  epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector
  in Wireshark 1.10.x before 1.10.1 does not properly validate certain index
  values, which allows remote attackers to cause a denial of service
  (assertion failure and application exit) via a crafted packet.

CVE-2013-4923 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4923):
  Memory leak in the dissect_dcom_ActivationProperties function in
  epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector
  in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial
  of service (memory consumption) via crafted packets.

CVE-2013-4922 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4922):
  Double free vulnerability in the dissect_dcom_ActivationProperties function
  in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator
  dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause
  a denial of service (application crash) via a crafted packet.

CVE-2013-4921 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4921):
  Off-by-one error in the dissect_radiotap function in
  epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in
  Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of
  service (application crash) via a crafted packet.

CVE-2013-4920 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4920):
  The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly
  initialize a global variable, which allows remote attackers to cause a
  denial of service (application crash) via a crafted packet.

CVE-2013-4083 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4083):
  The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP
  ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and
  1.10.0 does not validate a certain fragment length value, which allows
  remote attackers to cause a denial of service (application crash) via a
  crafted packet.
Comment 13 Sergey Popov gentoo-dev 2013-08-28 06:05:07 UTC
Added to existing GLSA draft
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2013-08-28 11:43:58 UTC
This issue was resolved and addressed in
 GLSA 201308-05 at http://security.gentoo.org/glsa/glsa-201308-05.xml
by GLSA coordinator Sergey Popov (pinkbyte).