<http://www.wireshark.org/security/wnpa-sec-2011-08.html>: Large/infinite loop in the DICOM dissector. (Bug 5876) Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6. Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Diameter dictionary file could crash Wireshark. Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6. Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted snoop file could crash Wireshark. (Bug 5912) Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6. David Maciejak of Fortinet's FortiGuard Labs discovered that malformed compressed capture data could crash Wireshark. (Bug 5908) Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6. Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Visual Networks file could crash Wireshark. (Bug 5934) Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
Arch teams, please, stabilize wireshark-1.4.7.
>>> Preparing source in /tmp/portage/net-analyzer/wireshark-1.4.7/work/wireshark-1.4.7 ... * Cannot find $EPATCH_SOURCE! Value for $EPATCH_SOURCE is: * * /usr/portage/net-analyzer/wireshark/files/wireshark-1.4.7-wspy_dissectors_dir.patch * ( wireshark-1.4.7-wspy_dissectors_dir.patch ) * ERROR: net-analyzer/wireshark-1.4.7 failed (prepare phase): * Cannot find $EPATCH_SOURCE!
anyway fixing the ebuild locally it works for me on amd64. Same error on lua (see precedent stablereq of wireshark) but is not a regression.
Err, patch dropped (as it should).
amd64: emerged: all a ok
ppc done
Stable for HPPA.
x86 stable. Thanks
alpha/ia64/sparc stable
amd64 done. Thanks Agostino and Ian
CVE Assignment: > > Wireshark 1.2.17 fixes the following vulnerabilities: > > > > Large/infinite loop in the DICOM dissector. (Bug 5876) > > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6. CVE-2011-1957 > > > > Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered > > that a corrupted Diameter dictionary file could crash Wireshark. > > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6. CVE-2011-1958 > > > > Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered > > that a corrupted snoop file could crash Wireshark. (Bug 5912) > > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6. CVE-2011-1959 > > > > David Maciejak of Fortinet's FortiGuard Labs discovered that malformed > > compressed capture data could crash Wireshark. (Bug 5908) > > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6. CVE-2011-2174 > > > > Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered > > that a corrupted Visual Networks file could crash Wireshark. (Bug > > 5934) > > Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6. CVE-2011-2175
ppc64 stable, last arch done
Thanks, folks. GLSA Vote: No.
CVE-2011-2175 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2175): Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read. CVE-2011-2174 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2174): Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression. CVE-2011-1959 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1959): The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read. CVE-2011-1958 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1958): Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file. CVE-2011-1957 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1957): The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length.
This issue was resolved and addressed in GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml by GLSA coordinator Alex Legler (a3li).