Version bump request.
It was reported that Wireshark's Frame metadissector could crash. It may be
possible to make Wireshark crash by injecting a malformed packet onto the wire
or by convincing someone to read a malformed packet trace file.
This is reported to affect Wireshark versions 1.10.0 to 1.10.7. It is fixed in
Arch teams, please test and mark stable:
Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
Stable for HPPA.
Stable on alpha.
(In reply to Tobias Klausmann from comment #6)
> Stable on alpha.
You didn't stabilise =net-analyzer/wireshark-1.8.15 or mention here why you didn't.
My bad, fixed.
Added to existing glsa draft.
Cleanup done by Jeroen Roovers.
This issue was resolved and addressed in
GLSA 201406-33 at http://security.gentoo.org/glsa/glsa-201406-33.xml
by GLSA coordinator Mikle Kolyada (Zlogene).
The dissect_frame function in epan/dissectors/packet-frame.c in the frame
metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative
integer as a length value even though it was intended to represent an error
condition, which allows remote attackers to cause a denial of service
(application crash) via a crafted packet.