1.10.10: The following vulnerabilities have been fixed. * [1]wnpa-sec-2014-12 RTP dissector crash. ([2]Bug 9920) [3]CVE-2014-6421 [4]CVE-2014-6422 * [5]wnpa-sec-2014-13 MEGACO dissector infinite loop. ([6]Bug 10333) [7]CVE-2014-6423 * [8]wnpa-sec-2014-14 Netflow dissector crash. ([9]Bug 10370) [10]CVE-2014-6424 * [11]wnpa-sec-2014-17 RTSP dissector crash. ([12]Bug 10381) [13]CVE-2014-6427 * [14]wnpa-sec-2014-18 SES dissector crash. ([15]Bug 10454) [16]CVE-2014-6428 * [17]wnpa-sec-2014-19 Sniffer file parser crash. ([18]Bug 10461) [19]CVE-2014-6429 [20]CVE-2014-6430 [21]CVE-2014-6431 [22]CVE-2014-6432 1.12.1: The following vulnerabilities have been fixed. * [1]wnpa-sec-2014-13 MEGACO dissector infinite loop. ([2]Bug 10333) [3]CVE-2014-6423 * [4]wnpa-sec-2014-14 Netflow dissector crash. ([5]Bug 10370) [6]CVE-2014-6424 * [7]wnpa-sec-2014-15 CUPS dissector crash. ([8]Bug 10353) [9]CVE-2014-6425 * [10]wnpa-sec-2014-16 HIP dissector infinite loop. [11]CVE-2014-6426 * [12]wnpa-sec-2014-17 RTSP dissector crash. ([13]Bug 10381) [14]CVE-2014-6427 * [15]wnpa-sec-2014-18 SES dissector crash. ([16]Bug 10454) [17]CVE-2014-6428 * [18]wnpa-sec-2014-19 Sniffer file parser crash. ([19]Bug 10461) [20]CVE-2014-6429 [21]CVE-2014-6430 [22]CVE-2014-6431 [23]CVE-2014-6432
Arch teams, please test and mark stable: =net-analyzer/wireshark-1.12.1 Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86 PPC and PPC64 will want to deal with bug #511502 too.
Stable for HPPA.
amd64 stable
x86 stable
sparc stable
ppc64 stable
alpha stable
ia64 stable
ppc stable. Maintainer(s), please cleanup. Security, please vote.
CVE-2014-6432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6432): The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVE-2014-6431 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6431): Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. CVE-2014-6430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6430): The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVE-2014-6429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6429): The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVE-2014-6428 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6428): The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2014-6427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6427): Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. CVE-2014-6426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6426): The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2014-6425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6425): The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character. CVE-2014-6424 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6424): The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. CVE-2014-6423 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6423): The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line. CVE-2014-6422 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6422): The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. CVE-2014-6421 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6421): Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.
Arches and Maintainer(s), Thank you for your work. GLSA Vote: Yes
GLSA vote: yes. glsa request filed.
This issue was resolved and addressed in GLSA 201412-52 at http://security.gentoo.org/glsa/glsa-201412-52.xml by GLSA coordinator Mikle Kolyada (Zlogene).