Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201510-03 ] Wireshark: Multiple vulnerabilities
Date: Sat, 31 Oct 2015 15:12:15
Message-Id: 5634D9C9.3030202@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201510-03
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Wireshark: Multiple vulnerabilities
9 Date: October 31, 2015
10 Bugs: #536034, #542206, #548898, #549432, #552434, #557522
11 ID: 201510-03
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Wireshark, allowing
19 attackers to cause Denial of Service condition.
20
21 Background
22 ==========
23
24 Wireshark is a network protocol analyzer formerly known as ethereal.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 net-analyzer/wireshark < 1.12.7 >= 1.12.7
33
34 Description
35 ===========
36
37 Multiple vulnerabilities have been discovered in Wireshark. Please
38 review the CVE identifiers referenced below for details.
39
40 Impact
41 ======
42
43 A remote attacker could possibly cause a Denial of Service condition.
44
45 Workaround
46 ==========
47
48 There is no known workaround at this time.
49
50 Resolution
51 ==========
52
53 All Wireshark users should upgrade to the latest version:
54
55 # emerge --sync
56 # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.12.7"
57
58 References
59 ==========
60
61 [ 1 ] CVE-2015-2187
62 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2187
63 [ 2 ] CVE-2015-2188
64 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2188
65 [ 3 ] CVE-2015-2189
66 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2189
67 [ 4 ] CVE-2015-2190
68 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2190
69 [ 5 ] CVE-2015-2191
70 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2191
71 [ 6 ] CVE-2015-2192
72 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2192
73 [ 7 ] CVE-2015-3182
74 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3182
75 [ 8 ] CVE-2015-3808
76 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3808
77 [ 9 ] CVE-2015-3809
78 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3809
79 [ 10 ] CVE-2015-3810
80 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3810
81 [ 11 ] CVE-2015-3811
82 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3811
83 [ 12 ] CVE-2015-3812
84 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3812
85 [ 13 ] CVE-2015-3813
86 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3813
87 [ 14 ] CVE-2015-3814
88 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3814
89 [ 15 ] CVE-2015-3815
90 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3815
91 [ 16 ] CVE-2015-3906
92 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3906
93 [ 17 ] CVE-2015-4651
94 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4651
95 [ 18 ] CVE-2015-4652
96 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4652
97
98 Availability
99 ============
100
101 This GLSA and any updates to it are available for viewing at
102 the Gentoo Security Website:
103
104 https://security.gentoo.org/glsa/201510-03
105
106 Concerns?
107 =========
108
109 Security is a primary focus of Gentoo Linux and ensuring the
110 confidentiality and security of our users' machines is of utmost
111 importance to us. Any security concerns should be addressed to
112 security@g.o or alternatively, you may file a bug at
113 https://bugs.gentoo.org.
114
115 License
116 =======
117
118 Copyright 2015 Gentoo Foundation, Inc; referenced text
119 belongs to its owner(s).
120
121 The contents of this document are licensed under the
122 Creative Commons - Attribution / Share Alike license.
123
124 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature