*** This bug is a security vulnerability ***
Public security bug reported:
There are 6 new CVEs which impact Wireshark in Utopic. (Three of these
also affect Trusty)
------
CVE-2015-2187: (Utopic)
The dissect_atn_cpdlc_heur function in
asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in
Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code
requirements, which allows remote attackers to cause a denial of service (stack
memory corruption and application crash) via a crafted packet.
CVE-2015-2188: (Trusty, Utopic)
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before
1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure,
which allows remote attackers to cause a denial of service (out-of-bounds read
and application crash) via a crafted packet that is improperly handled during
decompression.
CVE-2015-2189: (Trusty, Utopic)
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng
file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows
remote attackers to cause a denial of service (out-of-bounds read and
application crash) via an invalid Interface Statistics Block (ISB) interface ID
in a crafted packet.
CVE-2015-2190: (Utopic)
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer
data types greater than 32 bits in size, which allows remote attackers to cause
a denial of service (assertion failure and application exit) via a crafted
packet that is improperly handled by the LLDP dissector.
CVE-2015-2191: (Trusty, Utopic)
Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c
in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before
1.12.4 allows remote attackers to cause a denial of service (infinite loop) via
a crafted length field in a packet.
CVE-2015-2192: (Utopic)
Integer overflow in the dissect_osd2_cdb_continuation function in
epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x
before 1.12.4 allows remote attackers to cause a denial of service (infinite
loop) via a crafted length field in a packet.
------
Vivid is not affected by these CVEs as the archive autosync pulled in a
version from Debian that has patches from Wireshark 1.12.4 which fix the
problem.
Trusty and Utopic are affected.
Importance set to medium because the majority of these CVEs have a
"medium" severity in the Ubuntu CVE tracker.
** Affects: wireshark (Ubuntu)
Importance: Medium
Status: Fix Released
** Affects: wireshark (Ubuntu Trusty)
Importance: Medium
Status: Confirmed
** Affects: wireshark (Ubuntu Utopic)
Importance: Medium
Status: Confirmed
** Tags: trusty utopic
** Description changed:
There are 6 new CVEs which impact Wireshark in Utopic. (Three of these
- also affect Precise)
+ also affect Trusty)
------
CVE-2015-2187: (Utopic)
The dissect_atn_cpdlc_heur function in
asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in
Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code
requirements, which allows remote attackers to cause a denial of service (stack
memory corruption and application crash) via a crafted packet.
- CVE-2015-2188: (Precise, Utopic)
+ CVE-2015-2188: (Trusty, Utopic)
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before
1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure,
which allows remote attackers to cause a denial of service (out-of-bounds read
and application crash) via a crafted packet that is improperly handled during
decompression.
- CVE-2015-2189: (Precise, Utopic)
+ CVE-2015-2189: (Trusty, Utopic)
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the
pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4
allows remote attackers to cause a denial of service (out-of-bounds read and
application crash) via an invalid Interface Statistics Block (ISB) interface ID
in a crafted packet.
CVE-2015-2190: (Utopic)
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle
integer data types greater than 32 bits in size, which allows remote attackers
to cause a denial of service (assertion failure and application exit) via a
crafted packet that is improperly handled by the LLDP dissector.
- CVE-2015-2191: (Precise, Utopic)
+ CVE-2015-2191: (Trusty, Utopic)
Integer overflow in the dissect_tnef function in
epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before
1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of
service (infinite loop) via a crafted length field in a packet.
CVE-2015-2192: (Utopic)
Integer overflow in the dissect_osd2_cdb_continuation function in
epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x
before 1.12.4 allows remote attackers to cause a denial of service (infinite
loop) via a crafted length field in a packet.
------
Vivid is not affected by these CVEs as the archive autosync pulled in a
version from Debian that has patches from Wireshark 1.12.4 which fix the
problem.
- Precise and Utopic are affected.
+ Trusty and Utopic are affected.
Importance set to medium because the majority of these CVEs have a
"medium" severity in the Ubuntu CVE tracker.
** Tags removed: precise
** Tags added: trusty
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1440202
Title:
[Security] April 3 2015 - 6 New CVEs affect Wireshark
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1440202/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs