Gentoo Archives: gentoo-commits

From: "Robert Buchholz (rbu)" <rbu@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200712-23.xml
Date: Sun, 30 Dec 2007 17:38:05
Message-Id: E1J926m-0005Cl-5O@stork.gentoo.org
1 rbu 07/12/30 17:37:56
2
3 Added: glsa-200712-23.xml
4 Log:
5 GLSA 200712-23
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-200712-23.xml
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200712-23.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200712-23.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-200712-23.xml
14 ===================================================================
15 <?xml version="1.0" encoding="utf-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20 <glsa id="200712-23">
21 <title>Wireshark: Multiple vulnerabilities</title>
22 <synopsis>
23 Multiple vulnerabilities have been discovered in Wireshark, allowing for
24 the remote execution of arbitrary code and a Denial of Service.
25 </synopsis>
26 <product type="ebuild">wireshark</product>
27 <announced>December 30, 2007</announced>
28 <revised>December 30, 2007: 01</revised>
29 <bug>199958</bug>
30 <access>remote</access>
31 <affected>
32 <package name="net-analyzer/wireshark" auto="yes" arch="*">
33 <unaffected range="ge">0.99.7</unaffected>
34 <vulnerable range="lt">0.99.7</vulnerable>
35 </package>
36 </affected>
37 <background>
38 <p>
39 Wireshark is a network protocol analyzer with a graphical front-end.
40 </p>
41 </background>
42 <description>
43 <p>
44 Multiple buffer overflows and infinite loops were discovered in
45 multiple dissector and parser components, including those for MP3 and
46 NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and
47 iSeries (OS/400) Communication traces (CVE-2007-6114), ANSI MAP
48 (CVE-2007-6115), Firebird/Interbase (CVE-2007-6116), HTTP
49 (CVE-2007-6117), MEGACO (CVE-2007-6118), DCP ETSI (CVE-2007-6119),
50 Bluetooth SDP (CVE-2007-6120), RPC Portmap (CVE-2007-6121), SMB
51 (CVE-2007-6438), IPv6 amd USB (CVE-2007-6439), WiMAX (CVE-2007-6441),
52 RPL (CVE-2007-6450), CIP (CVE-2007-6451). The vulnerabilities were
53 discovered by Stefan Esser, Beyond Security, Fabiodds, Peter Leeming,
54 Steve and ainsley.
55 </p>
56 </description>
57 <impact type="high">
58 <p>
59 A remote attacker could send specially crafted packets on a network
60 being monitored with Wireshark or entice a user to open a specially
61 crafted file, possibly resulting in the execution of arbitrary code
62 with the privileges of the user running Wireshark (which might be the
63 root user), or a Denial of Service.
64 </p>
65 </impact>
66 <workaround>
67 <p>
68 There is no known workaround at this time.
69 </p>
70 </workaround>
71 <resolution>
72 <p>
73 All Wireshark users should upgrade to the latest version:
74 </p>
75 <code>
76 # emerge --sync
77 # emerge --ask --oneshot --verbose &quot;&gt;=net-analyzer/wireshark-0.99.7&quot;</code>
78 </resolution>
79 <references>
80 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6111">CVE-2007-6111</uri>
81 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6112">CVE-2007-6112</uri>
82 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6113">CVE-2007-6113</uri>
83 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6114">CVE-2007-6114</uri>
84 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6115">CVE-2007-6115</uri>
85 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6116">CVE-2007-6116</uri>
86 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6117">CVE-2007-6117</uri>
87 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6118">CVE-2007-6118</uri>
88 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6119">CVE-2007-6119</uri>
89 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6120">CVE-2007-6120</uri>
90 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6121">CVE-2007-6121</uri>
91 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6438">CVE-2007-6438</uri>
92 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6439">CVE-2007-6439</uri>
93 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6441">CVE-2007-6441</uri>
94 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6450">CVE-2007-6450</uri>
95 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6451">CVE-2007-6451</uri>
96 </references>
97 <metadata tag="requester" timestamp="Wed, 26 Dec 2007 11:44:15 +0000">
98 keytoaster
99 </metadata>
100 <metadata tag="submitter" timestamp="Sat, 29 Dec 2007 21:41:40 +0000">
101 rbu
102 </metadata>
103 <metadata tag="bugReady" timestamp="Sat, 29 Dec 2007 22:00:22 +0000">
104 rbu
105 </metadata>
106 </glsa>
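Review bot: The description paragraph has a typo in "IPv6 amd USB (CVE-2007-6439)"; it should read "IPv6 and USB". The same sentence ends its list with "RPL (CVE-2007-6450), CIP (CVE-2007-6451)" and no conjunction, so consider "RPL (CVE-2007-6450) and CIP (CVE-2007-6451)". The credits "Steve and ainsley" give only single names while the other reporters are identified more fully; if fuller attributions are available from the upstream advisory, use them for consistency.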
107
108
109
110 --
111 gentoo-commits@g.o mailing list