Gentoo Archives: gentoo-announce

From: Sergey Popov <pinkbyte@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201308-05 ] Wireshark: Multiple vulnerabilities
Date: Wed, 28 Aug 2013 11:32:58
Message-Id: 521DDEF6.2000107@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201308-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Wireshark: Multiple vulnerabilities
     Date: August 28, 2013
     Bugs: #398549, #427964, #431572, #433990, #470262, #472762, #478694
       ID: 201308-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Wireshark, allowing remote
attackers to execute arbitrary code or cause Denial of Service.

Background
==========

Wireshark is a versatile network protocol analyzer.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /     Vulnerable     /        Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark        < 1.10.1                 >= 1.10.1
                                                            *>= 1.8.9

Description
===========

Multiple vulnerabilities have been discovered in Wireshark. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wireshark 1.10 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.1"

All Wireshark 1.8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.8.9"

References
==========

[ 1 ] CVE-2012-0041
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0041
[ 2 ] CVE-2012-0042
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0042
[ 3 ] CVE-2012-0043
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0043
[ 4 ] CVE-2012-0066
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0066
[ 5 ] CVE-2012-0067
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0067
[ 6 ] CVE-2012-0068
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0068
[ 7 ] CVE-2012-3548
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3548
[ 8 ] CVE-2012-4048
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4048
[ 9 ] CVE-2012-4049
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4049
[ 10 ] CVE-2012-4285
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4285
[ 11 ] CVE-2012-4286
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4286
[ 12 ] CVE-2012-4287
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4287
[ 13 ] CVE-2012-4288
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4288
[ 14 ] CVE-2012-4289
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4289
[ 15 ] CVE-2012-4290
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4290
[ 16 ] CVE-2012-4291
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4291
[ 17 ] CVE-2012-4292
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4292
[ 18 ] CVE-2012-4293
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4293
[ 19 ] CVE-2012-4294
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4294
[ 20 ] CVE-2012-4295
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4295
[ 21 ] CVE-2012-4296
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4296
[ 22 ] CVE-2012-4297
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4297
[ 23 ] CVE-2012-4298
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4298
[ 24 ] CVE-2013-3540
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3540
[ 25 ] CVE-2013-3541
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3541
[ 26 ] CVE-2013-3542
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3542
[ 27 ] CVE-2013-3555
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3555
[ 28 ] CVE-2013-3556
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3556
[ 29 ] CVE-2013-3557
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3557
[ 30 ] CVE-2013-3558
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3558
[ 31 ] CVE-2013-3559
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3559
[ 32 ] CVE-2013-4074
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4074
[ 33 ] CVE-2013-4075
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4075
[ 34 ] CVE-2013-4076
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4076
[ 35 ] CVE-2013-4077
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4077
[ 36 ] CVE-2013-4078
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4078
[ 37 ] CVE-2013-4079
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4079
[ 38 ] CVE-2013-4080
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4080
[ 39 ] CVE-2013-4081
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4081
[ 40 ] CVE-2013-4082
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4082
[ 41 ] CVE-2013-4083
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4083
[ 42 ] CVE-2013-4920
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4920
[ 43 ] CVE-2013-4921
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4921
[ 44 ] CVE-2013-4922
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4922
[ 45 ] CVE-2013-4923
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4923
[ 46 ] CVE-2013-4924
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4924
[ 47 ] CVE-2013-4925
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4925
[ 48 ] CVE-2013-4926
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4926
[ 49 ] CVE-2013-4927
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4927
[ 50 ] CVE-2013-4928
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4928
[ 51 ] CVE-2013-4929
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4929
[ 52 ] CVE-2013-4930
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4930
[ 53 ] CVE-2013-4931
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4931
[ 54 ] CVE-2013-4932
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4932
[ 55 ] CVE-2013-4933
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4933
[ 56 ] CVE-2013-4934
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4934
[ 57 ] CVE-2013-4935
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4935
[ 58 ] CVE-2013-4936
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4936

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201308-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
