Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 552434 (CVE-2015-4651) - <net-analyzer/wireshark-1.12.6 - WCCP dissector crash, GSM DTAP dissector crash (CVE-2015-{4651,4652})
Summary: <net-analyzer/wireshark-1.12.6 - WCCP dissector crash, GSM DTAP dissector cra...
Status: RESOLVED FIXED
Alias: CVE-2015-4651
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-18 04:42 UTC by Jeroen Roovers
Modified: 2015-10-31 15:11 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers gentoo-dev 2015-06-18 04:42:44 UTC
The following vulnerabilities have been fixed.
     * [1]wnpa-sec-2015-19
       WCCP dissector crash. (Bug 11153)
     * [2]wnpa-sec-2015-20
       GSM DTAP dissector crash. (Bug 11201)



[1] https://www.wireshark.org/security/wnpa-sec-2015-19.html
[2] https://www.wireshark.org/security/wnpa-sec-2015-20.html
Comment 1 Jeroen Roovers gentoo-dev 2015-06-18 05:19:50 UTC
Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.12.6
Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
Comment 2 Agostino Sarubbo gentoo-dev 2015-06-18 08:37:55 UTC
amd64 stable
Comment 3 Jeroen Roovers gentoo-dev 2015-06-19 12:40:36 UTC
Stable for PPC64.
Comment 4 Jeroen Roovers gentoo-dev 2015-06-19 14:25:56 UTC
Stable for HPPA.
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-06-21 06:16:29 UTC
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2015-06-24 08:03:02 UTC
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2015-07-03 08:28:30 UTC
alpha stable
Comment 8 Agostino Sarubbo gentoo-dev 2015-07-03 08:29:10 UTC
sparc stable
Comment 9 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-07-22 15:33:09 UTC
ia64 stable

Please, cleanup!

Added to existing glsa draft
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2015-07-22 15:37:44 UTC
CVE-2015-4652 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4652):
  epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark
  1.12.x before 1.12.6 does not properly validate digit characters, which
  allows remote attackers to cause a denial of service (application crash) via
  a crafted packet, related to the de_emerg_num_list and de_bcd_num functions.

CVE-2015-4651 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4651):
  The dissect_wccp2r1_address_table_info function in
  epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x
  before 1.12.6 does not properly determine whether enough memory is available
  for storing IP address strings, which allows remote attackers to cause a
  denial of service (application crash) via a crafted packet.
Comment 11 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-07-22 17:35:08 UTC
Old dropped because was keyworded only on ia64
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2015-10-31 15:11:06 UTC
This issue was resolved and addressed in
 GLSA 201510-03 at https://security.gentoo.org/glsa/201510-03
by GLSA coordinator Kristian Fiskerstrand (K_F).