** Description changed: - Requires updating. There are 4 vulnerabilities: + Requires updating. There are vulnerabilities: CVE links: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2299 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2283 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2282 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2281 - ----------------------------- + Others links https://www.wireshark.org/security/wnpa-sec-2014-04.html https://www.wireshark.org/security/wnpa-sec-2014-03.html https://www.wireshark.org/security/wnpa-sec-2014-02.html https://www.wireshark.org/security/wnpa-sec-2014-01.html + + Information extracted from the changelogs, affecting Quantal, Precise + and Saucy: + + - The SIP dissector could go into an infinite loop. Discovered by Alain Botti. (CVE-2013-7112) + - The BSSGP dissector could crash. Discovered by Laurent Butti. (CVE-2013-7113) + - The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. (CVE-2013-7114) + - The IEEE 802.15.4 dissector could crash. (CVE-2013-6336) + - The NBAP dissector could crash. Discovered by Laurent Butti. (CVE-2013-6337) + - The SIP dissector could crash. (CVE-2013-6338) + - The OpenWire dissector could go into a large loop. Discovered by Murali. (CVE-2013-6339) + - The TCP dissector could crash. (CVE-2013-6340) + ------------------------------------------------------------ + Affecting Quantal and Precise: + + - NBAP dissector could crash. Discovered by Laurent Butti. (No assigned CVE number) + - The RTPS dissector could overflow a buffer. Discovered by Ben Schmidt. (No assigned CVE number) + - The LDAP dissector could crash. (No assigned CVE number) + - The Netmon file parser could crash. Discovered by G. Geshev. + - The DVB-CI dissector could crash. Discovered by Laurent Butti. (CVE-2013-4930) + - The GSM A Common dissector could crash. (CVE-2013-4932) + - The Netmon file parser could crash. Discovered by G. Geshev. 
(CVE-2013-4933, CVE-2013-4934) + - The ASN.1 PER dissector could crash. Discovered by Oliver-Tobias Ripka. (CVE-2013-4935) + - The CAPWAP dissector could crash. Discovered by Laurent Butti. (CVE-2013-4074) + - The GMR-1 BCCH dissector could crash. Discovered by Sylvain Munaut and Laurent Butti. (CVE-2013-4075) + - The PPP dissector could crash. Discovered by Laurent Butti. (CVE-2013-4076) + - The NBAP dissector could crash. (CVE-2013-4077) + - The RDP dissector could crash. Discovered by Laurent Butti. (CVE-2013-4078) + - The HTTP dissector could overrun the stack. (CVE-2013-4081) + - The Ixia IxVeriWave file parser could overflow the heap. Discovered by Sachin Shinde. (CVE-2013-4082) + - The DCP ETSI dissector could crash. (CVE-2013-4083) + - The GTPv2 dissector could crash (CVE-2013-3555) + - The ASN.1 BER dissector could crash (CVE-2013-3557) + - The PPP CCP dissector could crash (CVE-2013-3558) + - The DCP ETSI dissector could crash. Discovered by Evan Jensen. (CVE-2013-3559) + - The MPEG DSM-CC dissector could crash. (CVE-2013-3560) + - The Websocket dissector could crash. Discovered by Moshe Kaplan. (CVE-2013-3562) + - The TCP dissector could crash (CVE-2013-2475) + - The CSN.1 dissector could crash. Discovered by Laurent Butti. (CVE-2013-2477) + - MMS dissector could crash. Discovered by Laurent Butti. (CVE-2013-2478) + - The RTPS and RTPS2 dissectors could crash. Discovered by Alyssa Milburn. (CVE-2013-2480) + - The Mount dissector could crash. Discovered by Alyssa Milburn. (CVE-2013-2481) + - The ACN dissector could attempt to divide by zero. Discovered by Alyssa Milburn. (CVE-2013-2483) + - The CIMD dissector could crash. Discovered by Moshe Kaplan. (CVE-2013-2484) + - The DTLS dissector could crash. Discovered by Laurent Butti. (CVE-2013-2488) + - The CLNP dissector could crash. 
Discovered independently by Laurent Butti and the Wireshark development team (CVE-2013-1582) + - The DTN dissector could crash (CVE-2013-1583, CVE-2013-1584) + - The MS-MMC dissector (and possibly others) could crash (CVE-2013-1585) + - The DTLS dissector could crash. Discovered by Laurent Butti. (CVE-2013-1586) + - The ROHC dissector could crash (CVE-2013-1587) + - The DCP-ETSI dissector could corrupt memory. Discovered by Laurent Butti. (CVE-2013-1588) + - The Wireshark dissection engine could crash. Discovered by Laurent Butti. + - The NTLMSSP dissector could overflow a buffer. Discovered by Ulf Härnhammar. (CVE-2013-1590)
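Review bot: In the added "Affecting Quantal and Precise" list, the entry "The Netmon file parser could crash. Discovered by G. Geshev." appears twice, once with no identifier and once followed by (CVE-2013-4933, CVE-2013-4934); merge the two into a single entry carrying both CVEs. The "Wireshark dissection engine could crash" entry near the end likewise has neither a CVE nor the "No assigned CVE number" marker used on neighbouring entries, so it is unclear whether an identifier was omitted or never assigned. The "CVE links:" block still lists only the four CVE-2014 URLs although the count "4" was dropped from the first line and the new lists cite CVE-2013 identifiers; either add links for those or say that the link block covers only the CVE-2014 entries.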
https://bugs.launchpad.net/bugs/1290100
Title: [Need fake sync] a lot vulnerabilities buffer overflow crash ddos
