Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 634872 (CVE-2017-15191, CVE-2017-15192, CVE-2017-15193) - <net-analyzer/wireshark-2.4.2: Multiple vulnerabilities
Summary: <net-analyzer/wireshark-2.4.2: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-15191, CVE-2017-15192, CVE-2017-15193
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
: 633992 (view as bug list)
Depends on: CVE-2017-13765, CVE-2017-13766, CVE-2017-13767 635686
Blocks:
  Show dependency tree
 
Reported: 2017-10-20 15:02 UTC by GLSAMaker/CVETool Bot
Modified: 2018-03-25 18:47 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-20 15:02:55 UTC
CVE-2017-15193 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15193):
  In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could
  crash or exhaust system memory. This was addressed in
  epan/dissectors/packet-mbim.c by changing the memory-allocation approach.

CVE-2017-15192 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15192):
  In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could
  crash. This was addressed in epan/dissectors/packet-btatt.c by considering a
  case where not all of the BTATT packets have the same encapsulation level.

CVE-2017-15191 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15191):
  In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP
  dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by
  validating a string length.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-20 15:07:05 UTC
*** Bug 633992 has been marked as a duplicate of this bug. ***
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-03-25 18:47:14 UTC
2.2.x has been dekeyworded for all arches except alpha.  Cleanup of that version will be tracked in a newer bug.