Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Mikle Kolyada <zlogene@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201406-33 ] Wireshark: Multiple vulnerabilities
Date: Sun, 29 Jun 2014 16:16:44
Message-Id: 53B03C96.4030500@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201406-33
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Wireshark: Multiple vulnerabilities
9 Date: June 29, 2014
10 Bugs: #503792, #507298, #508506, #513094
11 ID: 201406-33
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Wireshark, the worst of
19 which allows remote attackers to execute arbitrary code.
20
21 Background
22 ==========
23
24 Wireshark is a network protocol analyzer formerly known as ethereal.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 net-analyzer/wireshark < 1.10.8 *>= 1.8.15
33 >= 1.10.8
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in Wireshark. Please
39 review the CVE identifiers referenced below for details.
40
41 Impact
42 ======
43
44 A remote attacker can cause arbitrary code execution or a Denial of
45 Service condition via a specially crafted packet.
46
47 Workaround
48 ==========
49
50 There is no known workaround at this time.
51
52 Resolution
53 ==========
54
55 All Wireshark 1.8.x users should upgrade to the latest version:
56
57 # emerge --sync
58 # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.8.15"
59
60 All Wireshark 1.10.x users should upgrade to the latest version:
61
62 # emerge --sync
63 # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.8"
64
65 References
66 ==========
67
68 [ 1 ] CVE-2014-2281
69 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2281
70 [ 2 ] CVE-2014-2282
71 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2282
72 [ 3 ] CVE-2014-2283
73 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2283
74 [ 4 ] CVE-2014-2299
75 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2299
76 [ 5 ] CVE-2014-2907
77 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2907
78 [ 6 ] CVE-2014-4020
79 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4020
80 [ 7 ] CVE-2014-4174
81 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4174
82
83 Availability
84 ============
85
86 This GLSA and any updates to it are available for viewing at
87 the Gentoo Security Website:
88
89 http://security.gentoo.org/glsa/glsa-201406-33.xml
90
91 Concerns?
92 =========
93
94 Security is a primary focus of Gentoo Linux and ensuring the
95 confidentiality and security of our users' machines is of utmost
96 importance to us. Any security concerns should be addressed to
97 security@g.o or alternatively, you may file a bug at
98 https://bugs.gentoo.org.
99
100 License
101 =======
102
103 Copyright 2014 Gentoo Foundation, Inc; referenced text
104 belongs to its owner(s).
105
106 The contents of this document are licensed under the
107 Creative Commons - Attribution / Share Alike license.
108
109 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups