Bug 570564 - <net-analyzer/wireshark-{1.12.9,2.0.1}: multiple vulnerabilities (CVE-2015-{8711..8742})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.wireshark.org/docs/relnot...
Whiteboard: B3 [glsa]
Depends on: CVE-2016-2522, CVE-2016-2523, CVE-2016-2524, CVE-2016-2525, CVE-2016-2526, CVE-2016-2527, CVE-2016-2528, CVE-2016-2529, CVE-2016-2530, CVE-2016-2531, CVE-2016-2532
Reported: 2016-01-02 06:47 UTC by Jeroen Roovers (RETIRED)
Modified: 2016-04-26 21:27 UTC
Description Jeroen Roovers (RETIRED) gentoo-dev 2016-01-02 06:47:57 UTC
I don't see any CVEs yet.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2016-01-02 06:52:59 UTC
I don't know how much attachment exists out there to the old "workflow" of the 1.12 branch, so I am not sure whether to keep that branch alive and stabilise now. So far I have had no comments on the 2.0 branch going stable (and ruining everyone's lives).
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2016-01-02 07:07:17 UTC
Arch teams, please test and mark stable:
=net-analyzer/wireshark-2.0.1
Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2016-01-02 14:48:48 UTC
Stable for PPC64.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2016-01-02 17:52:08 UTC
Stable for HPPA.
Comment 5 Agostino Sarubbo gentoo-dev 2016-01-02 18:55:14 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2016-01-09 07:10:38 UTC
sparc stable
Comment 7 Agostino Sarubbo gentoo-dev 2016-01-10 11:23:04 UTC
alpha stable
Comment 8 Agostino Sarubbo gentoo-dev 2016-01-11 09:56:24 UTC
ia64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-01-17 17:24:49 UTC
ppc stable
Comment 10 Andreas Schürch gentoo-dev 2016-01-19 16:01:13 UTC
x86 done, last arch!
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2016-03-15 10:16:34 UTC
CVE-2015-8742 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8742):
  The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the
  MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the
  column size, which allows remote attackers to cause a denial of service
  (memory consumption or application crash) via a crafted packet.

CVE-2015-8741 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8741):
  The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI
  dissector in Wireshark 2.0.x before 2.0.1 does not initialize a
  packet-header data structure, which allows remote attackers to cause a
  denial of service (application crash) via a crafted packet.

CVE-2015-8740 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8740):
  The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c
  in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the
  number of columns, which allows remote attackers to cause a denial of
  service (stack-based buffer overflow and application crash) via a crafted
  packet.

CVE-2015-8739 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8739):
  The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI
  dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a
  packet scope, which allows remote attackers to cause a denial of service
  (assertion failure and application exit) via a crafted packet.

CVE-2015-8738 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8738):
  The s7comm_decode_ud_cpu_szl_subfunc function in
  epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark
  2.0.x before 2.0.1 does not validate the list count in an SZL response,
  which allows remote attackers to cause a denial of service (divide-by-zero
  error and application crash) via a crafted packet.

CVE-2015-8737 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8737):
  The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in
  Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows
  remote attackers to cause a denial of service (divide-by-zero error and
  application crash) via a crafted file.

CVE-2015-8736 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8736):
  The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in
  Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which
  allows remote attackers to cause a denial of service (stack-based buffer
  overflow and application crash) via a crafted file.

CVE-2015-8735 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8735):
  The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth
  Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an
  incorrect integer data type, which allows remote attackers to cause a denial
  of service (invalid write operation and application crash) via a crafted
  packet.

CVE-2015-8734 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8734):
  The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP
  dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which
  allows remote attackers to cause a denial of service (application crash) via
  a crafted packet.

CVE-2015-8733 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8733):
  The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer
  file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does
  not validate the relationships between record lengths and record header
  lengths, which allows remote attackers to cause a denial of service
  (out-of-bounds read and application crash) via a crafted file.

CVE-2015-8732 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8732):
  The dissect_zcl_pwr_prof_pwrprofstatersp function in
  epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in
  Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the
  Total Profile Number field, which allows remote attackers to cause a denial
  of service (out-of-bounds read and application crash) via a crafted packet.

CVE-2015-8731 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8731):
  The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the
  RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does
  not reject unknown TLV types, which allows remote attackers to cause a
  denial of service (out-of-bounds read and application crash) via a crafted
  packet.

CVE-2015-8730 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8730):
  epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x
  before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items,
  which allows remote attackers to cause a denial of service (invalid read
  operation and application crash) via a crafted packet.

CVE-2015-8729 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8729):
  The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser
  in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the
  presence of a '\0' character at the end of a date string, which allows
  remote attackers to cause a denial of service (out-of-bounds read and
  application crash) via a crafted file.

CVE-2015-8728 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8728):
  The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the
  ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A
  dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1
  improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows
  remote attackers to cause a denial of service (buffer overflow and
  application crash) via a crafted packet.

CVE-2015-8727 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8727):
  The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the
  RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does
  not properly maintain request-key data, which allows remote attackers to
  cause a denial of service (use-after-free and application crash) via a
  crafted packet.

CVE-2015-8726 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8726):
  wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9
  and 2.0.x before 2.0.1 does not validate certain signature and Modulation
  and Coding Scheme (MCS) data, which allows remote attackers to cause a
  denial of service (out-of-bounds read and application crash) via a crafted
  file.

CVE-2015-8725 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8725):
  The dissect_diameter_base_framed_ipv6_prefix function in
  epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark
  1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6
  prefix length, which allows remote attackers to cause a denial of service
  (stack-based buffer overflow and application crash) via a crafted packet.

CVE-2015-8724 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8724):
  The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the
  802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1
  does not verify the WPA broadcast key length, which allows remote attackers
  to cause a denial of service (out-of-bounds read and application crash) via
  a crafted packet.

CVE-2015-8723 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8723):
  The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11
  dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not
  validate the relationship between the total length and the capture length,
  which allows remote attackers to cause a denial of service (stack-based
  buffer overflow and application crash) via a crafted packet.

CVE-2015-8722 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8722):
  epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x
  before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer,
  which allows remote attackers to cause a denial of service (NULL pointer
  dereference and application crash) via a crafted packet.

CVE-2015-8721 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8721):
  Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in
  Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote
  attackers to cause a denial of service (application crash) via a crafted
  packet with zlib compression.

CVE-2015-8720 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8720):
  The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in
  the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1
  improperly checks an sscanf return value, which allows remote attackers to
  cause a denial of service (application crash) via a crafted packet.

CVE-2015-8719 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8719):
  The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS
  dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client
  Subnet option, which allows remote attackers to cause a denial of service
  (application crash) via a crafted packet.

CVE-2015-8718 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8718):
  Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM
  dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the
  "Match MSG/RES packets for async NLM" option is enabled, allows remote
  attackers to cause a denial of service (application crash) via a crafted
  packet.

CVE-2015-8717 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8717):
  The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP
  dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a
  negative media count, which allows remote attackers to cause a denial of
  service (application crash) via a crafted packet.

CVE-2015-8716 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8716):
  The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38
  dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a
  conversation exists, which allows remote attackers to cause a denial of
  service (application crash) via a crafted packet.

CVE-2015-8715 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8715):
  epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark
  1.12.x before 1.12.9 does not check for empty arguments, which allows remote
  attackers to cause a denial of service (infinite loop) via a crafted packet.

CVE-2015-8714 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8714):
  The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the
  DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a
  certain IPv4 data structure, which allows remote attackers to cause a denial
  of service (application crash) via a crafted packet.

CVE-2015-8713 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8713):
  epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark
  1.12.x before 1.12.9 does not properly reserve memory for channel ID
  mappings, which allows remote attackers to cause a denial of service
  (out-of-bounds memory access and application crash) via a crafted packet.

CVE-2015-8712 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8712):
  The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c
  in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate
  the number of PDUs, which allows remote attackers to cause a denial of
  service (application crash) via a crafted packet.

CVE-2015-8711 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8711):
  epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x
  before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data,
  which allows remote attackers to cause a denial of service (NULL pointer
  dereference and application crash) via a crafted packet.
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2016-03-15 10:25:41 UTC
Added to existing GLSA.
Comment 13 Aaron Bauman (RETIRED) gentoo-dev 2016-03-15 10:31:33 UTC
Added to existing GLSA.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2016-04-26 21:27:41 UTC
This issue was resolved and addressed in
 GLSA 201604-05 at https://security.gentoo.org/glsa/201604-05
by GLSA coordinator Kristian Fiskerstrand (K_F).