Gentoo Archives: gentoo-announce

From: Sergey Popov <pinkbyte@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201312-13 ] Wireshark: Multiple vulnerabilities
Date: Mon, 16 Dec 2013 18:33:57
Message-Id: 52AF473A.4010505@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201312-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Wireshark: Multiple vulnerabilities
     Date: December 16, 2013
     Bugs: #484582, #490434
       ID: 201312-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Wireshark, allowing remote
attackers to execute arbitrary code or cause Denial of Service.

Background
==========

Wireshark is a versatile network protocol analyzer.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /     Vulnerable     /         Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark        < 1.10.3                  >= 1.10.3
                                                            *>= 1.8.11

Description
===========

Multiple vulnerabilities have been discovered in Wireshark. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wireshark 1.10 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.3"

All Wireshark 1.8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.8.11"

References
==========

[ 1 ] CVE-2013-5717
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5717
[ 2 ] CVE-2013-5718
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5718
[ 3 ] CVE-2013-5719
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5719
[ 4 ] CVE-2013-5720
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5720
[ 5 ] CVE-2013-5721
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5721
[ 6 ] CVE-2013-5722
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5722
[ 7 ] CVE-2013-6336
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6336
[ 8 ] CVE-2013-6337
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6337
[ 9 ] CVE-2013-6338
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6338
[ 10 ] CVE-2013-6339
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6339
[ 11 ] CVE-2013-6340
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6340

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201312-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature