From https://www.wireshark.org/docs/relnotes/wireshark-3.6.14.html / https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html:

"""
The following vulnerabilities have been fixed:

wnpa-sec-2023-12 Candump log file parser crash. Issue 19062. CVE-2023-2855.
wnpa-sec-2023-13 BLF file parser crash. Issue 19063. CVE-2023-2857.
wnpa-sec-2023-14 GDSDB dissector infinite loop. Issue 19068.
wnpa-sec-2023-15 NetScaler file parser crash. Issue 19081. CVE-2023-2858.
wnpa-sec-2023-16 VMS TCPIPtrace file parser crash. Issue 19083. CVE-2023-2856.
wnpa-sec-2023-19 IEEE C37.118 Synchrophasor dissector crash. Issue 19087. CVE-2023-0668.
wnpa-sec-2023-20 XRA dissector infinite loop. Issue 19100.
"""

and

"""
wnpa-sec-2023-12 Candump log file parser crash. Issue 19062. CVE-2023-2855.
wnpa-sec-2023-13 BLF file parser crash. Issue 19063. CVE-2023-2857.
wnpa-sec-2023-14 GDSDB dissector infinite loop. Issue 19068.
wnpa-sec-2023-15 NetScaler file parser crash. Issue 19081. CVE-2023-2858.
wnpa-sec-2023-16 VMS TCPIPtrace file parser crash. Issue 19083. CVE-2023-2856.
wnpa-sec-2023-17 BLF file parser crash. Issue 19084. CVE-2023-2854.
wnpa-sec-2023-18 RTPS dissector crash. Issue 19085. CVE-2023-0666.
wnpa-sec-2023-19 IEEE C37.118 Synchrophasor dissector crash. Issue 19087. CVE-2023-0668.
wnpa-sec-2023-20 XRA dissector infinite loop. Issue 19100.
"""
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91f6f69cad3d8d5872f0d3b22c4ab49f5e63f0a7

commit 91f6f69cad3d8d5872f0d3b22c4ab49f5e63f0a7
Author: Sam James <sam@gentoo.org>
AuthorDate: 2023-05-25 06:35:29 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-25 06:36:07 +0000

net-analyzer/wireshark: add 4.0.6

Bug: https://bugs.gentoo.org/907133
Signed-off-by: Sam James <sam@gentoo.org>

net-analyzer/wireshark/Manifest | 1 +
net-analyzer/wireshark/wireshark-4.0.6.ebuild | 314 ++++++++++++++++++++++++++
2 files changed, 315 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b6ca39b757ff6400ee802d430459d17a38946ad

commit 9b6ca39b757ff6400ee802d430459d17a38946ad
Author: Sam James <sam@gentoo.org>
AuthorDate: 2023-05-25 06:31:02 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-25 06:36:06 +0000

net-analyzer/wireshark: add 3.6.14

Bug: https://bugs.gentoo.org/907133
Signed-off-by: Sam James <sam@gentoo.org>

net-analyzer/wireshark/Manifest | 1 +
net-analyzer/wireshark/wireshark-3.6.14.ebuild | 274 +++++++++++++++++++++++++
2 files changed, 275 insertions(+)
CVE-2023-2952 (https://www.wireshark.org/security/wnpa-sec-2023-20.html):

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

CVE-2023-0667 (https://gitlab.com/wireshark/wireshark/-/issues/19086):

Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd1dc29662e09caace78b9d9832e7ddb34195b4b

commit dd1dc29662e09caace78b9d9832e7ddb34195b4b
Author: Sam James <sam@gentoo.org>
AuthorDate: 2023-07-14 11:32:08 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-07-14 11:56:33 +0000

net-analyzer/wireshark: drop 3.6.13, 3.6.14, 4.0.5

Bug: https://bugs.gentoo.org/907133
Signed-off-by: Sam James <sam@gentoo.org>

net-analyzer/wireshark/Manifest | 3 -
net-analyzer/wireshark/metadata.xml | 1 -
net-analyzer/wireshark/wireshark-3.6.13.ebuild | 276 ---------------------
net-analyzer/wireshark/wireshark-3.6.14.ebuild | 276 ---------------------
net-analyzer/wireshark/wireshark-4.0.5.ebuild | 316 -------------------------
5 files changed, 872 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e8a30f50018451e44407895ded131a11d1108b4d

commit e8a30f50018451e44407895ded131a11d1108b4d
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-17 05:24:05 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-09-17 05:26:26 +0000

[ GLSA 202309-02 ] Wireshark: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/878421
Bug: https://bugs.gentoo.org/899548
Bug: https://bugs.gentoo.org/904248
Bug: https://bugs.gentoo.org/907133
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>

glsa-202309-02.xml | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)