====================================================== Name: CVE-2013-4074 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4074 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130609 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-capwap.c?r1=43716&r2=43715&pathrev=43716 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=43716 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-32.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8725 The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. ====================================================== Name: CVE-2013-4075 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4075 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130609 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gmr1_bcch.c?r1=44674&r2=44673&pathrev=44674 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=44674 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-33.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664 Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8726 epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. ====================================================== Name: CVE-2013-4076 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4076 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130609 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=46128&r2=46127&pathrev=46128 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=46128 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-34.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7880 Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8727 Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. ====================================================== Name: CVE-2013-4077 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4077 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130609 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=49418 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-35.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8697 Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. ====================================================== Name: CVE-2013-4078 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4078 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130609 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=45566 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=46158 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-36.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7862 Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8729 epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. ====================================================== Name: CVE-2013-4079 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4079 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130609 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_cbch.c?r1=49686&r2=49685&pathrev=49686 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=49686 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-37.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8730 The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. ====================================================== Name: CVE-2013-4080 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4080 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130609 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-assa_r3.c?r1=49744&r2=49743&pathrev=49744 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=49744 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-38.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8764 The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. ====================================================== Name: CVE-2013-4081 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4081 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130609 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-http.c?r1=49623&r2=49622&pathrev=49623 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=49623 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-39.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733 The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. ====================================================== Name: CVE-2013-4082 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4082 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130609 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=49739&r2=49738&pathrev=49739 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=49739 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-40.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8760 The vwr_read function in wiretap/vwr.c in Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. ====================================================== Name: CVE-2013-4083 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4083 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130609 Category: Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=49802&r2=49801&pathrev=49802 Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=49802 Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html Reference: CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-41.html Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8717 The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Reproducible: Steps to Reproduce:
New versions has been uploaded for all.
Packages built: wireshark-1.6.16-1.mga2 libwireshark1-1.6.16-1.mga2 libwireshark-devel-1.6.16-1.mga2 wireshark-tools-1.6.16-1.mga2 tshark-1.6.16-1.mga2 rawshark-1.6.16-1.mga2 dumpcap-1.6.16-1.mga2 wireshark-1.8.8-1.mga3 libwireshark2-1.8.8-1.mga3 libwireshark-devel-1.8.8-1.mga3 wireshark-tools-1.8.8-1.mga3 tshark-1.8.8-1.mga3 rawshark-1.8.8-1.mga3 dumpcap-1.8.8-1.mga3 from SRPMS: wireshark-1.6.16-1.mga2.src.rpm wireshark-1.8.8-1.mga3.src.rpm
CC: (none) => luigiwalser
Upstream announcement from June 7: http://www.wireshark.org/news/20130607.html This hasn't yet been fixed in Cauldron, so waiting on that before pushing to QA.
Mandriva has issued an advisory for this today (June 12): http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:172/
URL: (none) => http://lwn.net/Vulnerabilities/554059/
Updated packages uploaded for Mageia 2, Mageia 3, and Cauldron. Assigning to QA. Advisory (Mageia 2): ======================== Updated wireshark packages fix security vulnerabilities: The CAPWAP dissector could crash (CVE-2013-4074). The HTTP dissector could overrun the stack (CVE-2013-4081). The DCP ETSI dissector could crash (CVE-2013-4083). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4074 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4083 http://www.wireshark.org/security/wnpa-sec-2013-32.html http://www.wireshark.org/security/wnpa-sec-2013-39.html http://www.wireshark.org/security/wnpa-sec-2013-41.html http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html http://www.wireshark.org/news/20130607.html http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:172/ ======================== Updated packages in core/updates_testing: ======================== wireshark-1.6.16-1.mga2 libwireshark1-1.6.16-1.mga2 libwireshark-devel-1.6.16-1.mga2 wireshark-tools-1.6.16-1.mga2 tshark-1.6.16-1.mga2 rawshark-1.6.16-1.mga2 dumpcap-1.6.16-1.mga2 from wireshark-1.6.16-1.mga2.src.rpm Advisory (Mageia 3): ======================== Updated wireshark packages fix security vulnerability: The CAPWAP dissector could crash (CVE-2013-4074). The GMR-1 BCCH dissector could crash (CVE-2013-4075). The PPP dissector could crash (CVE-2013-4076). The NBAP dissector could crash (CVE-2013-4077). The RDP dissector could crash (CVE-2013-4078). The GSM CBCH dissector could crash (CVE-2013-4079). The Assa Abloy R3 dissector could consume excessive memory and CPU (CVE-2013-4080). The HTTP dissector could overrun the stack (CVE-2013-4081). The Ixia IxVeriWave file parser could overflow the heap (CVE-2013-4082). The DCP ETSI dissector could crash (CVE-2013-4083). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4074 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4075 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4078 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4083 http://www.wireshark.org/security/wnpa-sec-2013-32.html http://www.wireshark.org/security/wnpa-sec-2013-33.html http://www.wireshark.org/security/wnpa-sec-2013-34.html http://www.wireshark.org/security/wnpa-sec-2013-35.html http://www.wireshark.org/security/wnpa-sec-2013-36.html http://www.wireshark.org/security/wnpa-sec-2013-37.html http://www.wireshark.org/security/wnpa-sec-2013-38.html http://www.wireshark.org/security/wnpa-sec-2013-39.html http://www.wireshark.org/security/wnpa-sec-2013-40.html http://www.wireshark.org/security/wnpa-sec-2013-41.html http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html http://www.wireshark.org/news/20130607.html ======================== Updated packages in core/updates_testing: ======================== wireshark-1.8.8-1.mga3 libwireshark2-1.8.8-1.mga3 libwireshark-devel-1.8.8-1.mga3 wireshark-tools-1.8.8-1.mga3 tshark-1.8.8-1.mga3 rawshark-1.8.8-1.mga3 dumpcap-1.8.8-1.mga3 from wireshark-1.8.8-1.mga3.src.rpm
Assignee: bugsquad => qa-bugsSummary: Multiple vulnerabilities in wireshark => wireshark new releases 1.6.16 and 1.8.8 fix security issues
Debian has issued an advisory for this on June 17: http://www.debian.org/security/2013/dsa-2709 from http://lwn.net/Vulnerabilities/555217/
Version: 2 => 3Whiteboard: (none) => MGA2TOO
update is ok here
Whiteboard: MGA2TOO => MGA2TOO mga2-64-ok
Testing complete on mga3 i586, following https://wiki.mageia.org/en/QA_procedure:Wireshark
CC: (none) => remiWhiteboard: MGA2TOO mga2-64-ok => MGA2TOO mga2-64-ok mga3-32-ok
Testing complete on mga2 i586 (VM).
Whiteboard: MGA2TOO mga2-64-ok mga3-32-ok => MGA2TOO mga2-32-ok mga2-64-ok mga3-32-ok
Tested MGA3 64 Completed test as https://wiki.mageia.org/en/QA_procedure:Wireshark
CC: (none) => martynvidlerWhiteboard: MGA2TOO mga2-32-ok mga2-64-ok mga3-32-ok => MGA2TOO mga2-32-ok mga2-64-ok mga3-32-ok MGA3-64-ok
Validating the update candidate then. -- Please push this update from Mageia 2 and Mageia 3. The advisory and list of RPMs/SRPM is in comment 5.
Keywords: (none) => validated_updateAssignee: qa-bugs => sysadmin-bugsCC: (none) => sysadmin-bugs
(btw we keep bugs assigned to the qa)
Assignee: sysadmin-bugs => qa-bugs
Advisories uploaded
http://advisories.mageia.org/MGASA-2013-0180.html http://advisories.mageia.org/MGASA-2013-0181.html
Status: NEW => RESOLVEDCC: (none) => boklmResolution: (none) => FIXED
CC: boklm => (none)