Version bump request. Release Notes: https://www.wireshark.org/docs/relnotes/wireshark-1.10.8.html Reproducible: Always
It was reported that Wireshark's Frame metadissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This is reported to affect Wireshark versions 1.10.0 to 1.10.7. It is fixed in 1.10.8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9999 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10030
Arch teams, please test and mark stable: =net-analyzer/wireshark-1.8.15 =net-analyzer/wireshark-1.10.8 Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
Stable for HPPA.
amd64 stable
x86 stable
Stable on alpha.
(In reply to Tobias Klausmann from comment #6) > Stable on alpha. You didn't stabilise =net-analyzer/wireshark-1.8.15 or mention here why you didn't.
My bad, fixed.
sparc stable
ia64 stable
ppc* stable Added to existing glsa draft. Cleanup, please!
Cleanup done by Jeroen Roovers.
This issue was resolved and addressed in GLSA 201406-33 at http://security.gentoo.org/glsa/glsa-201406-33.xml by GLSA coordinator Mikle Kolyada (Zlogene).
CVE-2014-4020 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4020): The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.