#20836 – Multiple vulnerabilities in Wireshark:CVE-2009-2559, CVE-2009-2560, CVE-2009-2561, CVE-2009-2562, CVE-2009-2563

Bug 20836 - Multiple vulnerabilities in Wireshark:CVE-2009-2559, CVE-2009-2560, CVE-2009-2561, CVE-2009-2562, CVE-2009-2563

Summary: Multiple vulnerabilities in Wireshark:CVE-2009-2559, CVE-2009-2560, CVE-2009-...

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	wireshark-base (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 blocker
Assignee:	Anton Farygin
QA Contact:	qa-sisyphus

URL:	http://www.wireshark.org/security/wnp...
Keywords:	security

Depends on:
Blocks:

Reported:	2009-07-21 08:46 MSD by Vladimir Lettiev
Modified:	2010-01-29 12:17 MSK (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vladimir Lettiev 2009-07-21 08:46:20 MSD

Wireshark 1.2.1 fixes the following vulnerabilities:

    * The IPMI dissector could overrun a buffer. (Bug 3559) Versions affected: 1.2.0
    * The AFS dissector could crash. (Bug 3564) Versions affected: 0.9.2 to 1.2.0
    * The Infiniband dissector could crash on some platforms. Versions affected: 1.0.6 to 1.2.0
    * The Bluetooth L2CAP dissector could crash. (Bug 3572) Versions affected: 1.2.0
    * The RADIUS dissector could crash. (Bug 3578) Versions affected: 1.2.0
    * The MIOP dissector could crash. (Bug 3652) Versions affected: 1.2.0
    * The sFlow dissector could use excessive CPU and memory. (Bug 3570) Versions affected: 1.2.0

Comment 1 Alexander Bokovoy 2009-07-21 09:46:53 MSD

Ok. Вечером.

Comment 2 Dmitry V. Levin 2009-08-19 18:04:39 MSD

Вечером какого дня?

Comment 3 Dmitry V. Levin 2010-01-28 15:11:37 MSK

Wireshark 1.2.6 is now available.

http://www.wireshark.org/security/wnpa-sec-2010-02.html
http://www.wireshark.org/security/wnpa-sec-2009-09.html
http://www.wireshark.org/security/wnpa-sec-2009-07.html
http://www.wireshark.org/security/wnpa-sec-2009-06.html

Comment 4 Anton Farygin 2010-01-28 15:13:15 MSK

Мне кажется, что пакету wireshark требуется другой мейнтейнер.

Саш, повесь его на @everybody или @nobody

Comment 5 Alexander Bokovoy 2010-01-28 17:21:58 MSK

ок, вечером.

Comment 6 Alexander Bokovoy 2010-01-28 21:17:04 MSK

done

Comment 7 Alexander Bokovoy 2010-01-28 21:18:04 MSK

Перевожу на Антона.

Comment 8 Repository Robot 2010-01-29 12:17:41 MSK

wireshark-1.2.6-alt1 -> sisyphus:

* Thu Jan 28 2010 Anton Farygin <rider@altlinux> 1.2.6-alt1

- new version, multiple vulnerabilities fixed by upstream (closes #20836)