Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 824474 (CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929) - <net-analyzer/wireshark-3.4.10: Multiple vulnerabilities
Summary: <net-analyzer/wireshark-3.4.10: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 827866
Blocks:
  Show dependency tree
 
Reported: 2021-11-18 08:42 UTC by Sam James
Modified: 2022-10-16 14:55 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-11-18 08:42:31 UTC 
From https://www.wireshark.org/docs/relnotes/wireshark-3.4.10.html: 
```
    wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929.
    wnpa-sec-2021-08 Bluetooth HCI_ISO dissector crash. Issue 17649. CVE-2021-39926.
    wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925.
    wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924.
    wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684.
    wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922.
    wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928.
    wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921.
    wnpa-sec-2021-15 IPPUSB dissector crash. Issue 17705. CVE-2021-39920.
```
Comment 1 Larry the Git Cow gentoo-dev 2021-11-18 08:59:55 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87d6a9904b211382bff874f539e96268369f81ac

commit 87d6a9904b211382bff874f539e96268369f81ac
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-18 08:56:49 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-18 08:59:44 +0000

    net-analyzer/wireshark: add 3.4.10
    
    Now with tests! Restricted known-failing ones.
    
    Bug: https://bugs.gentoo.org/824474
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest                |   1 +
 net-analyzer/wireshark/wireshark-3.4.10.ebuild | 281 +++++++++++++++++++++++++
 net-analyzer/wireshark/wireshark-9999.ebuild   |   5 +-
 3 files changed, 285 insertions(+), 2 deletions(-)
Comment 2 Larry the Git Cow gentoo-dev 2021-12-13 05:17:14 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06eb3e1a2d8234b725d8c8962c235a97cb65e9b1

commit 06eb3e1a2d8234b725d8c8962c235a97cb65e9b1
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-12-13 05:17:04 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-12-13 05:17:04 +0000

    net-analyzer/wireshark: drop 3.4.9
    
    Bug: https://bugs.gentoo.org/824474
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 -
 net-analyzer/wireshark/wireshark-3.4.9.ebuild | 280 --------------------------
 2 files changed, 281 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2022-10-08 20:47:11 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97d0d735c5cd87bd92649af92ac9813441500ad6

commit 97d0d735c5cd87bd92649af92ac9813441500ad6
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-10-08 20:46:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-08 20:46:55 +0000

    net-analyzer/wireshark: drop 3.4.11
    
    Bug: https://bugs.gentoo.org/869140
    Bug: https://bugs.gentoo.org/833294
    Bug: https://bugs.gentoo.org/802216
    Bug: https://bugs.gentoo.org/830343
    Bug: https://bugs.gentoo.org/824474
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest                |   1 -
 net-analyzer/wireshark/wireshark-3.4.11.ebuild | 285 -------------------------
 2 files changed, 286 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5afc42fac6b85a1784ed825e9428c75b6e2e32b0

commit 5afc42fac6b85a1784ed825e9428c75b6e2e32b0
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-10-08 20:46:37 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-08 20:46:37 +0000

    profiles/base: mask libvirt[wireshark-plugins] for older libvirt
    
    Bug: https://bugs.gentoo.org/869140
    Bug: https://bugs.gentoo.org/833294
    Bug: https://bugs.gentoo.org/802216
    Bug: https://bugs.gentoo.org/830343
    Bug: https://bugs.gentoo.org/824474
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/base/package.use.mask | 4 ++++
 1 file changed, 4 insertions(+)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-14 03:28:36 UTC 
GLSA request filed
Comment 5 Larry the Git Cow gentoo-dev 2022-10-16 14:46:13 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e0b5bad8c2504362c0e8f33550615df1018533a8

commit e0b5bad8c2504362c0e8f33550615df1018533a8
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-16 14:40:26 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-16 14:45:23 +0000

    [ GLSA 202210-04 ] Wireshark: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/802216
    Bug: https://bugs.gentoo.org/824474
    Bug: https://bugs.gentoo.org/830343
    Bug: https://bugs.gentoo.org/833294
    Bug: https://bugs.gentoo.org/869140
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-04.xml | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-16 14:55:48 UTC 
GLSA released, all done!