Bug 46164 – wireshark: Multiple issues (4.2)

Bug 46164 - wireshark: Multiple issues (4.2)


Summary:	wireshark: Multiple issues (4.2)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.2-3-errata
Assigned To:	Philipp Hahn
QA Contact:	UCS maintainers

URL:	http://metadata.ftp-master.debian.org...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2018-01-24 21:23 CET by Philipp Hahn
Modified:	2018-05-08 14:56 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:	5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philipp Hahn

2018-01-24 21:23:04 CET

wireshark (1.12.1+g01b65bf-4+deb8u12) jessie-security; urgency=medium

* CVE-2017-11408 wireshark: AMQP dissector crash (wnpa-sec-2017-34)
* CVE-2017-17083 wireshark: NetBIOS dissector crash
* CVE-2017-17084 wireshark: IWARP_MPA dissector crash
* CVE-2017-17085 wireshark: CIP Safety dissector crash

Comment 1 Philipp Hahn

2018-01-25 10:59:54 CET

Mass-import from Debian-Security:
  python -m univention.repong.^Cbmirror -s jessie -r 4.2-3 --override=$HOME/REPOS/repo-ng/mirror/update_ucs42_mirror_from_debian.yml --errata=doc/errata --sql --process=ALL -vvvv --now=201801211553

YAML: git:bd6159834a..449aa5a7cf

Comment 2 Philipp Hahn

2018-01-31 19:24:21 CET

671e7d1b94 Bug #46164: wireshark 1.12.1+g01b65bf-4+deb8u13

Comment 3 Quality Assurance

2018-05-04 16:57:46 CEST

--- mirror/ftp/4.2/unmaintained/4.2-2/source/wireshark_1.12.1+g01b65bf-4+deb8u11.dsc
+++ apt/ucs_4.2-0-errata4.2-3/source/wireshark_1.12.1+g01b65bf-4+deb8u13.dsc
@@ -1,3 +1,15 @@
+1.12.1+g01b65bf-4+deb8u13 [Mon, 22 Jan 2018 18:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>:
+
+  * Non-maintainer upload by the Wheezy LTS Team. 
+  * fix for CVE-2018-5334
+  * fix for CVE-2018-5335
+  * fix for CVE-2018-5336
+    Several parsers of wireshark could be crashed by malformed packets.
+
+1.12.1+g01b65bf-4+deb8u12 [Tue, 05 Dec 2017 23:35:48 +0100] Moritz Muehlenhoff <jmm@debian.org>:
+
+  * CVE-2017-11408 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085
+
 1.12.1+g01b65bf-4+deb8u11 [Thu, 16 Mar 2017 01:46:19 +0100] Balint Reczey <balint@balintreczey.hu>:
 
   [ Balint Reczey ]

Comment 4 Arvid Requate

2018-05-08 10:59:52 CEST

* No UCS specific patches
* Comparison to previously shipped version ok
* Binary package update Ok
* Advisory adjusted:
  52933a1c7b | Sort CVEs

Comment 5 Arvid Requate

2018-05-08 14:56:58 CEST

<http://errata.software-univention.de/ucs/4.2/413.html>