[CVE-2021-4181] Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. URLs: https://nvd.nist.gov/vuln/detail/CVE-2021-4181 https://www.wireshark.org/security/wnpa-sec-2021-21.html Fixed versions: 3.6.1, 3.4.11 [CVE-2021-4182] Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. URLs: https://nvd.nist.gov/vuln/detail/CVE-2021-4182 https://www.wireshark.org/security/wnpa-sec-2021-20.html Fixed versions: 3.6.1, 3.4.11 or later. [CVE-2021-4183] Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file. URLs: https://nvd.nist.gov/vuln/detail/CVE-2021-4183 https://www.wireshark.org/security/wnpa-sec-2021-19.html Fixed versions: 3.6.1 [CVE-2021-4184] Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. URLs: https://nvd.nist.gov/vuln/detail/CVE-2021-4184 https://www.wireshark.org/security/wnpa-sec-2021-18.html Fixed versions: 3.6.1, 3.4.11 [CVE-2021-4185] Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. URLs: https://nvd.nist.gov/vuln/detail/CVE-2021-4185 https://www.wireshark.org/security/wnpa-sec-2021-17.html Fixed versions: 3.6.1, 3.4.11 [CVE-2021-4186] Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. URLs: https://nvd.nist.gov/vuln/detail/CVE-2021-4186 https://www.wireshark.org/security/wnpa-sec-2021-16.html Fixed versions: 3.6.0, 3.4.11 [CVE-2021-4190] Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file. URLs: https://nvd.nist.gov/vuln/detail/CVE-2021-4190 https://www.wireshark.org/security/wnpa-sec-2021-22.html Fixed versions: 3.6.1 Reproducible: Always
Thanks for filing!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3caad1cbd744874cbfa34c4ae41f0ded2b75311e commit 3caad1cbd744874cbfa34c4ae41f0ded2b75311e Author: Sam James <sam@gentoo.org> AuthorDate: 2022-01-03 08:55:51 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-01-04 04:53:34 +0000 net-analyzer/wireshark: add 3.4.11 Bug: https://bugs.gentoo.org/830343 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/wireshark/Manifest | 1 + net-analyzer/wireshark/wireshark-3.4.11.ebuild | 285 +++++++++++++++++++++++++ 2 files changed, 286 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e9149320bdc41b6b90e801826955bb7b312047f commit 1e9149320bdc41b6b90e801826955bb7b312047f Author: Sam James <sam@gentoo.org> AuthorDate: 2022-01-03 08:50:31 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-01-04 04:53:31 +0000 net-analyzer/wireshark: add 3.6.1 Bug: https://bugs.gentoo.org/830343 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/wireshark/Manifest | 1 + net-analyzer/wireshark/wireshark-3.6.1.ebuild | 273 ++++++++++++++++++++++++++ 2 files changed, 274 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2f163b2438b412dffa637ae892000c2913d546f commit c2f163b2438b412dffa637ae892000c2913d546f Author: Sam James <sam@gentoo.org> AuthorDate: 2022-02-20 05:35:47 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-02-20 05:35:47 +0000 net-analyzer/wireshark: drop 3.4.10, 3.4.11, 3.6.0-r1 Bug: https://bugs.gentoo.org/830343 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/wireshark/Manifest | 3 - .../files/wireshark-3.6.0-fix-no-tshark.patch | 32 --- net-analyzer/wireshark/wireshark-3.4.10.ebuild | 283 -------------------- net-analyzer/wireshark/wireshark-3.4.11.ebuild | 285 --------------------- net-analyzer/wireshark/wireshark-3.6.0-r1.ebuild | 272 -------------------- 5 files changed, 875 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d09a146dec49ea5187a2c46959fe5b8ce1388b8 commit 2d09a146dec49ea5187a2c46959fe5b8ce1388b8 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-02-20 06:30:52 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-02-20 06:30:52 +0000 net-analyzer/wireshark: drop 3.4.10, 3.6.0-r1 Bug: https://bugs.gentoo.org/830343 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/wireshark/Manifest | 2 - .../files/wireshark-3.6.0-fix-no-tshark.patch | 32 --- net-analyzer/wireshark/wireshark-3.4.10.ebuild | 283 --------------------- net-analyzer/wireshark/wireshark-3.6.0-r1.ebuild | 272 -------------------- 4 files changed, 589 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11d357718ec192403193260fe033e93973c3aa5f commit 11d357718ec192403193260fe033e93973c3aa5f Author: Sam James <sam@gentoo.org> AuthorDate: 2022-02-20 06:29:48 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-02-20 06:30:07 +0000 Revert "net-analyzer/wireshark: drop 3.4.10, 3.4.11, 3.6.0-r1" This reverts commit c2f163b2438b412dffa637ae892000c2913d546f. Needed by stable libvirt. Bug: https://bugs.gentoo.org/830343 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/wireshark/Manifest | 3 + .../files/wireshark-3.6.0-fix-no-tshark.patch | 32 +++ net-analyzer/wireshark/wireshark-3.4.10.ebuild | 283 ++++++++++++++++++++ net-analyzer/wireshark/wireshark-3.4.11.ebuild | 285 +++++++++++++++++++++ net-analyzer/wireshark/wireshark-3.6.0-r1.ebuild | 272 ++++++++++++++++++++ 5 files changed, 875 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97d0d735c5cd87bd92649af92ac9813441500ad6 commit 97d0d735c5cd87bd92649af92ac9813441500ad6 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-10-08 20:46:55 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-10-08 20:46:55 +0000 net-analyzer/wireshark: drop 3.4.11 Bug: https://bugs.gentoo.org/869140 Bug: https://bugs.gentoo.org/833294 Bug: https://bugs.gentoo.org/802216 Bug: https://bugs.gentoo.org/830343 Bug: https://bugs.gentoo.org/824474 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/wireshark/Manifest | 1 - net-analyzer/wireshark/wireshark-3.4.11.ebuild | 285 ------------------------- 2 files changed, 286 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5afc42fac6b85a1784ed825e9428c75b6e2e32b0 commit 5afc42fac6b85a1784ed825e9428c75b6e2e32b0 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-10-08 20:46:37 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-10-08 20:46:37 +0000 profiles/base: mask libvirt[wireshark-plugins] for older libvirt Bug: https://bugs.gentoo.org/869140 Bug: https://bugs.gentoo.org/833294 Bug: https://bugs.gentoo.org/802216 Bug: https://bugs.gentoo.org/830343 Bug: https://bugs.gentoo.org/824474 Signed-off-by: Sam James <sam@gentoo.org> profiles/base/package.use.mask | 4 ++++ 1 file changed, 4 insertions(+)
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=e0b5bad8c2504362c0e8f33550615df1018533a8 commit e0b5bad8c2504362c0e8f33550615df1018533a8 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-16 14:40:26 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 14:45:23 +0000 [ GLSA 202210-04 ] Wireshark: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/802216 Bug: https://bugs.gentoo.org/824474 Bug: https://bugs.gentoo.org/830343 Bug: https://bugs.gentoo.org/833294 Bug: https://bugs.gentoo.org/869140 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-04.xml | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+)
GLSA released, all done!
