Bug 508506 (CVE-2014-2907) - <net-analyzer/wireshark-1.10.7 - RTP dissector crash (CVE-2014-2907)
Status: RESOLVED FIXED
Alias: CVE-2014-2907
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.wireshark.org/security/wnp...
Whiteboard: B3 [glsa]
Reported: 2014-04-23 14:00 UTC by Jeroen Roovers (RETIRED)
Modified: 2014-06-29 16:14 UTC
Description Jeroen Roovers (RETIRED) gentoo-dev 2014-04-23 14:00:31 UTC
* wnpa-sec-2014-06
       The RTP dissector could crash. (Bug 9885)
       Versions affected: 1.10.0 to 1.10.6
       CVE-2014-2907
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2014-04-23 14:24:47 UTC
Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.10.7
Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2014-04-23 23:53:17 UTC
Stable for HPPA.
Comment 3 Agostino Sarubbo gentoo-dev 2014-04-26 09:09:16 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2014-04-27 09:09:05 UTC
x86 stable
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-04-29 21:22:51 UTC
CVE-2014-2907 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2907):
  The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP
  dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP
  conversation data, which allows remote attackers to cause a denial of
  service (application crash) via a crafted packet.
Comment 6 Agostino Sarubbo gentoo-dev 2014-05-10 14:02:27 UTC
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2014-05-11 08:05:45 UTC
ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2014-05-13 15:21:48 UTC
ia64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2014-05-14 16:11:56 UTC
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2014-05-17 13:51:05 UTC
alpha stable.

Maintainer(s), please clean up.
Security, please vote.
Comment 11 Yury German Gentoo Infrastructure gentoo-dev 2014-06-10 01:23:41 UTC
Arches and Maintainer(s), thank you for your work.

Added to an existing GLSA request.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2014-06-29 16:14:45 UTC
This issue was resolved and addressed in
 GLSA 201406-33 at http://security.gentoo.org/glsa/glsa-201406-33.xml
by GLSA coordinator Mikle Kolyada (Zlogene).