Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 549432 (CVE-2015-3808) - <net-analyzer/wireshark-1.12.5 - multiple vulnerabilities (CVE-2015-{3808,3809,3810,3811,3812,3813,3814,3815,3906})
Summary: <net-analyzer/wireshark-1.12.5 - multiple vulnerabilities (CVE-2015-{3808,380...
Status: RESOLVED FIXED
Alias: CVE-2015-3808
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-05-14 07:32 UTC by Jeroen Roovers (RETIRED)
Modified: 2015-10-31 15:10 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2015-05-14 07:32:42 UTC
The following vulnerabilities have been fixed.
     * [1]wnpa-sec-2015-12
       The LBMR dissector could go into an infinite loop. ([2]Bug 11036)
       [3]CVE-2015-3808 [4]CVE-2015-3809
     * [5]wnpa-sec-2015-13
       The WebSocket dissector could recurse excessively. ([6]Bug 10989)
       [7]CVE-2015-3810
     * [8]wnpa-sec-2015-14
       The WCP dissector could crash while decompressing data. ([9]Bug
       10978) [10]CVE-2015-3811
     * [11]wnpa-sec-2015-15
       The X11 dissector could leak memory. ([12]Bug 11088)
       [13]CVE-2015-3812
     * [14]wnpa-sec-2015-16
       The packet reassembly code could leak memory. ([15]Bug 11129)
       [16]CVE-2015-3813
     * [17]wnpa-sec-2015-17
       The IEEE 802.11 dissector could go into an infinite loop. ([18]Bug
       11110) [19]CVE-2015-3814
     * [20]wnpa-sec-2015-18
       The Android Logcat file parser could crash. Discovered by Hanno
       Böck. ([21]Bug 11188) [22]CVE-2015-3815
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2015-05-14 07:53:17 UTC
Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.12.5
Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2015-05-14 09:20:18 UTC
Stable for PPC64.
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2015-05-15 04:18:39 UTC
Stable for HPPA.
Comment 4 Pacho Ramos gentoo-dev 2015-05-15 11:57:23 UTC
ppc stable
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-05-15 16:02:51 UTC
amd64 stable
Comment 6 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-05-15 16:03:44 UTC
x86 stable
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2015-06-14 20:05:38 UTC
CVE-2015-3906 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3906):
  The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file
  parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of
  \0 termination, which allows remote attackers to cause a denial of service
  (out-of-bounds read and application crash) via a crafted message in a
  packet, a different vulnerability than CVE-2015-3815.

CVE-2015-3815 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3815):
  The detect_version function in wiretap/logcat.c in the Android Logcat file
  parser in Wireshark 1.12.x before 1.12.5 does not check the length of the
  payload, which allows remote attackers to cause a denial of service
  (out-of-bounds read and application crash) via a packet with a crafted
  payload, as demonstrated by a length of zero, a different vulnerability than
  CVE-2015-3906.

CVE-2015-3814 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3814):
  The (1) dissect_tfs_request and (2) dissect_tfs_response functions in
  epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark
  1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a
  length rather than an error condition, which allows remote attackers to
  cause a denial of service (infinite loop) via a crafted packet.

CVE-2015-3813 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3813):
  The fragment_add_work function in epan/reassemble.c in the packet-reassembly
  feature in Wireshark 1.12.x before 1.12.5 does not properly determine the
  defragmentation state in a case of an insufficient snapshot length, which
  allows remote attackers to cause a denial of service (memory consumption)
  via a crafted packet.

CVE-2015-3812 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3812):
  Multiple memory leaks in the x11_init_protocol function in
  epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before
  1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of
  service (memory consumption) via a crafted packet.

CVE-2015-3811 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3811):
  epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before
  1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed
  bytes, which allows remote attackers to cause a denial of service
  (application crash) via a crafted packet, a different vulnerability than
  CVE-2015-2188.

CVE-2015-3810 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3810):
  epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark
  1.12.x before 1.12.5 uses a recursive algorithm, which allows remote
  attackers to cause a denial of service (CPU consumption) via a crafted
  packet.

CVE-2015-3809 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3809):
  The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR
  dissector in Wireshark 1.12.x before 1.12.5 does not properly track the
  current offset, which allows remote attackers to cause a denial of service
  (infinite loop) via a crafted packet.

CVE-2015-3808 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3808):
  The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR
  dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length,
  which allows remote attackers to cause a denial of service (infinite loop)
  via a crafted packet.
Comment 8 Agostino Sarubbo gentoo-dev 2015-06-17 08:51:19 UTC
sparc stable
Comment 9 Agostino Sarubbo gentoo-dev 2015-07-03 08:28:13 UTC
alpha stable
Comment 10 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-07-22 15:27:42 UTC
Added to existing glsa draft, lets continue in another bug.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2015-10-31 15:10:59 UTC
This issue was resolved and addressed in
 GLSA 201510-03 at https://security.gentoo.org/glsa/201510-03
by GLSA coordinator Kristian Fiskerstrand (K_F).