From the CVE request at $URL:

Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that the Infiniband dissector could dereference a NULL pointer.
Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3
References:
http://www.wireshark.org/security/wnpa-sec-2011-18.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6476
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39500
https://bugzilla.redhat.com/show_bug.cgi?id=750645

Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a buffer overflow in the ERF file reader.
Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3
References:
http://www.wireshark.org/security/wnpa-sec-2011-19.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6479
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39508
https://bugzilla.redhat.com/show_bug.cgi?id=750648

Also CVE-2011-4100

The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Affects Versions 1.6.x before 1.6.3
References:
http://secunia.com/advisories/cve_reference/CVE-2011-4100/
http://openwall.com/lists/oss-security/2011/11/01/9
http://www.wireshark.org/security/wnpa-sec-2011-17.html
http://www.wireshark.org/security/wnpa-sec-2011-18.html
http://www.wireshark.org/security/wnpa-sec-2011-19.html

CVE-2011-4102 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4102):
Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (application crash) via a malformed file.

CVE-2011-4101 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4101):
The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.

CVE-2011-4100 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4100):
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

1.6.4 is in the tree.

Arch teams, please, stabilize:
=net-analyzer/wireshark-1.6.4
Target KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86"

Bug #394433 should probably be addressed before this goes stable.
Bug #394479 should not block this one. Stable for HPPA.
net-analyzer/wireshark-1.6.4 amd64 - Ok (haven't had time to do full QA tests, but usage is ok)
amd64 stable, thanks Tomas

Pardon my ignorance, but why has wireshark-1.6.4 ebuild this conflict:

DEPEND="${RDEPEND}
...
!!<net-analyzer/wireshark-1.6.0_rc1"

effectively blocking the upgrade, leaving the machine with old, vulnerable version?

(In reply to comment #8)
> effectively blocking the upgrade, leaving the machine with old, vulnerable
> version?

Unmerge then emerge if your package manager doesn't do it for you. Bug #394479.

Now please take your comments there (perhaps with a nice patch) - this is not the right place.

x86 stable
ppc/ppc64 done
alpha/ia64/sparc stable
Thanks, everyone. GLSA vote: yes.
Thanks, folks. GLSA Vote: no (client-side DoS only).
Vote: NO. Closing noglsa.