https://www.wireshark.org/docs/relnotes/wireshark-2.0.2.html
The following vulnerabilities have been fixed:
wnpa-sec-2016-01 DLL hijacking vulnerability. CVE-2016-2521
wnpa-sec-2016-02 ASN.1 BER dissector crash. (Bug 11828) CVE-2016-2522
wnpa-sec-2016-03 DNP dissector infinite loop. (Bug 11938) CVE-2016-2523
wnpa-sec-2016-04 X.509AF dissector crash. (Bug 12002) CVE-2016-2524
wnpa-sec-2016-05 HTTP/2 dissector crash. (Bug 12077) CVE-2016-2525
wnpa-sec-2016-06 HiQnet dissector crash. (Bug 11983) CVE-2016-2526
wnpa-sec-2016-07 3GPP TS 32.423 Trace file parser crash. (Bug 11982) CVE-2016-2527
wnpa-sec-2016-08 LBMC dissector crash. (Bug 11984) CVE-2016-2528
wnpa-sec-2016-09 iSeries file parser crash. (Bug 11985) CVE-2016-2529
wnpa-sec-2016-10 RSL dissector crash. (Bug 11829) CVE-2016-2530 CVE-2016-2531
wnpa-sec-2016-11 LLRP dissector crash. (Bug 12048) CVE-2016-2532
wnpa-sec-2016-12 Ixia IxVeriWave file parser crash. (Bug 11795)
wnpa-sec-2016-13 IEEE 802.11 dissector crash. (Bug 11818)
wnpa-sec-2016-14 GSM A-bis OML dissector crash. (Bug 11825)
wnpa-sec-2016-15 ASN.1 BER dissector crash. (Bug 12106)
wnpa-sec-2016-16 SPICE dissector large loop. (Bug 12151)
wnpa-sec-2016-17 NFS dissector crash.
wnpa-sec-2016-18 ASN.1 BER dissector crash. (Bug 11822)
Arch teams, please test and mark stable:
=net-analyzer/wireshark-2.0.2
Targeted stable KEYWORDS: alpha amd64 hppa ia64 ppc ppc64 sparc x86
Stable for PPC64.
Stable for HPPA.
amd64 stable
CVE-2016-2532 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2532): The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
CVE-2016-2531 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2531): Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530.
CVE-2016-2530 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2530): The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531.
CVE-2016-2529 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2529): The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
CVE-2016-2528 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2528): The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
CVE-2016-2527 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2527): wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.
CVE-2016-2526 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2526): epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
CVE-2016-2525 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2525): epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
CVE-2016-2524 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2524): epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2016-2523 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2523): The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
CVE-2016-2522 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2522): The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
CVE-2016-2521 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2521): Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.
GLSA request filed.
x86 stable
Stable on alpha.
ppc stable
sparc stable
ia64 stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
Added to existing GLSA.
This issue was resolved and addressed in GLSA 201604-05 at https://security.gentoo.org/glsa/201604-05 by GLSA coordinator Kristian Fiskerstrand (K_F).