The following vulnerabilities have been fixed.
wnpa-sec-2012-26 The HSRP dissector could go into an infinite loop. (Bug 7581) Versions affected: 1.8.0 to 1.8.2. CVE-2012-5237
wnpa-sec-2012-27 The PPP dissector could abort. (Bug 7316, bug 7668) Versions affected: 1.8.0 to 1.8.2. CVE-2012-5238
wnpa-sec-2012-28 Martin Wilck discovered an infinite loop in the DRDA dissector. (Bug 7666) Versions affected: 1.6.0 to 1.6.10, 1.8.0 to 1.8.2. CVE-2012-5239
wnpa-sec-2012-29 Laurent Butti discovered a buffer overflow in the LDP dissector. (Bug 7567) Versions affected: 1.8.0 to 1.8.2. CVE-2012-5240
Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.8.3
Stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
Please take note of bug #437032 while testing.
stable ppc ppc64
amd64 stable
Stable for HPPA.
alpha/ia64/sparc stable
Hm, why isn't x86 here?
Stable for x86.
CVE-2012-5240 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5240): Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet.
CVE-2012-5238 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5238): epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet.
CVE-2012-5237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5237): The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Thanks, everyone. GLSA vote: no.
Thanks, folks. GLSA Vote: no too. Closing noglsa.