From ${URL} : Description Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) An error in the Bluetooth HCI ACL dissector (dissectors/packet-bthci_acl.c) can be exploited to cause a crash. This vulnerability is reported in versions 1.10.0 and 1.10.1. 2) An error in the NBAP dissector (dissectors/packet-nbap.c) can be exploited to cause a crash. 3) An error in the ASSA R3 dissector (dissectors/packet-assa_r3.c) can be exploited to cause an infinite loop and consume CPU resources. 4) An error in the RTPS dissector (dissectors/packet-rtsp.c) can be exploited to cause a buffer overflow. Successful exploitation of this vulnerability may allow execution of arbitrary code. 5) An error in the MQ dissector (dissectors/packet-mq.c) can be exploited to cause a crash. 6) An error in the LDAP dissector (dissectors/packet-ldap.c) can be exploited to cause a crash. 7) An error in the Netmon file parser (wiretap/netmon.c) can be exploited to cause a crash via a specially crafted packet trace file. The vulnerabilities #2 through #7 are reported in versions 1.8.0 through 1.8.9, 1.10.0, and 1.10.1. Solution: Update to version 1.8.10 or 1.10.2. Provided and/or discovered by: 5, 6) Reported by the vendor The vendor credits: 1, 2) Laurent Butti 3, 4) Ben Schmidt 7) G. Geshev Original Advisory: http://www.wireshark.org/docs/relnotes/wireshark-1.10.2.html http://www.wireshark.org/docs/relnotes/wireshark-1.8.10.html @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Arch teams, please test and mark stable: =net-analyzer/wireshark-1.8.10 =net-analyzer/wireshark-1.10.2 Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
amd64 stable
x86 stable
ppc stable
ppc64 stable
ia64 stable
Stable for HPPA.
alpha stable
sparc stable
CVE-2013-5722 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5722): Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-5721 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5721): The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-5720 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5720): Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-5719 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5719): epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2013-5718 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5718): The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-5717 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5717): The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c.
GLSA drafted and ready for review.
This issue was resolved and addressed in GLSA 201312-13 at http://security.gentoo.org/glsa/glsa-201312-13.xml by GLSA coordinator Sergey Popov (pinkbyte).
