*** This bug is a security vulnerability ***

Public security bug reported:

There are 6 new CVEs which impact Wireshark in Utopic.  (Three of these
also affect Trusty)

------

CVE-2015-2187: (Utopic)
The dissect_atn_cpdlc_heur function in 
asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in 
Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code 
requirements, which allows remote attackers to cause a denial of service (stack 
memory corruption and application crash) via a crafted packet.

CVE-2015-2188: (Trusty, Utopic)
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 
1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, 
which allows remote attackers to cause a denial of service (out-of-bounds read 
and application crash) via a crafted packet that is improperly handled during 
decompression.

CVE-2015-2189: (Trusty, Utopic)
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng 
file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows 
remote attackers to cause a denial of service (out-of-bounds read and 
application crash) via an invalid Interface Statistics Block (ISB) interface ID 
in a crafted packet.

CVE-2015-2190: (Utopic)
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer 
data types greater than 32 bits in size, which allows remote attackers to cause 
a denial of service (assertion failure and application exit) via a crafted 
packet that is improperly handled by the LLDP dissector.

CVE-2015-2191: (Trusty, Utopic)
Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c 
in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 
1.12.4 allows remote attackers to cause a denial of service (infinite loop) via 
a crafted length field in a packet.

CVE-2015-2192: (Utopic)
Integer overflow in the dissect_osd2_cdb_continuation function in 
epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x 
before 1.12.4 allows remote attackers to cause a denial of service (infinite 
loop) via a crafted length field in a packet.

------

Vivid is not affected by these CVEs as the archive autosync pulled in a
version from Debian that has patches from Wireshark 1.12.4 which fix the
problem.

Trusty and Utopic are affected.

Importance set to medium because the majority of these CVEs have a
"medium" severity in the Ubuntu CVE tracker.

** Affects: wireshark (Ubuntu)
     Importance: Medium
         Status: Fix Released

** Affects: wireshark (Ubuntu Trusty)
     Importance: Medium
         Status: Confirmed

** Affects: wireshark (Ubuntu Utopic)
     Importance: Medium
         Status: Confirmed


** Tags: trusty utopic

** Description changed:

  There are 6 new CVEs which impact Wireshark in Utopic.  (Three of these
- also affect Precise)
+ also affect Trusty)
  
  ------
  
  CVE-2015-2187: (Utopic)
  The dissect_atn_cpdlc_heur function in 
asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in 
Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code 
requirements, which allows remote attackers to cause a denial of service (stack 
memory corruption and application crash) via a crafted packet.
  
- CVE-2015-2188: (Precise, Utopic)
+ CVE-2015-2188: (Trusty, Utopic)
  epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 
1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, 
which allows remote attackers to cause a denial of service (out-of-bounds read 
and application crash) via a crafted packet that is improperly handled during 
decompression.
  
- CVE-2015-2189: (Precise, Utopic)
+ CVE-2015-2189: (Trusty, Utopic)
  Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the 
pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 
allows remote attackers to cause a denial of service (out-of-bounds read and 
application crash) via an invalid Interface Statistics Block (ISB) interface ID 
in a crafted packet.
  
  CVE-2015-2190: (Utopic)
  epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle 
integer data types greater than 32 bits in size, which allows remote attackers 
to cause a denial of service (assertion failure and application exit) via a 
crafted packet that is improperly handled by the LLDP dissector.
  
- CVE-2015-2191: (Precise, Utopic)
+ CVE-2015-2191: (Trusty, Utopic)
  Integer overflow in the dissect_tnef function in 
epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 
1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of 
service (infinite loop) via a crafted length field in a packet.
  
  CVE-2015-2192: (Utopic)
  Integer overflow in the dissect_osd2_cdb_continuation function in 
epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x 
before 1.12.4 allows remote attackers to cause a denial of service (infinite 
loop) via a crafted length field in a packet.
  
  ------
  
  Vivid is not affected by these CVEs as the archive autosync pulled in a
  version from Debian that has patches from Wireshark 1.12.4 which fix the
  problem.
  
- Precise and Utopic are affected.
+ Trusty and Utopic are affected.
  
  Importance set to medium because the majority of these CVEs have a
  "medium" severity in the Ubuntu CVE tracker.

** Tags removed: precise
** Tags added: trusty

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1440202

Title:
  [Security] April 3 2015 - 6 New CVEs affect Wireshark

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1440202/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to