Ubuntu
wireshark package

[Security] Wireshark Vulnerabilities (February 2015)

Bug #1418211 reported by Thomas Ward on 2015-02-04
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
wireshark (Ubuntu)
Fix Released
Medium
Unassigned
Precise
New
Medium
Unassigned
Trusty
Confirmed
Medium
Unassigned
Utopic
Fix Released
Medium
Unassigned
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

There are several new vulnerabilities found in Wireshark in 2015.

WCCP Dissector Crash (CVE-2015-0559, CVE-2015-0560)
(https://www.wireshark.org/security/wnpa-sec-2015-01.html)
Description: The WCCP dissector could crash.
Impact: "It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file."

LPP dissector crash (CVE-2015-0561)
(https://www.wireshark.org/security/wnpa-sec-2015-02.html)
Description: The LPP dissector could crash.
Impact: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

DEC DNA Routing Protocol dissector crash (CVE-2015-0562)
(https://www.wireshark.org/security/wnpa-sec-2015-03.html)
Description: The DEC DNA Routing Protocol dissector could crash.
Impact: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

SMTP dissector crash (CVE-2015-0563)
(https://www.wireshark.org/security/wnpa-sec-2015-04.html)
Description: The SMTP dissector could crash.
Impact: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

TLS/SSL decryption crash (CVE-2015-0564)
(https://www.wireshark.org/security/wnpa-sec-2015-05.html)
Description: Wireshark could underflow a buffer while decypting TLS/SSL sessions. Discovered by Noam Rathaus.
Impact: "It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file."

------

Debian has already patched these in 1.12.1+g01b65bf-3.

Vivid is unaffected as it has the Debian version in which this is fixed. Utopic is known to be affected as it is an affected (and unpatched) 1.12.x version. Trusty is also known to be affected, as it has an affected (and unpatched) version of 1.10.x.

Precise is assumed to be affected, however this is unconfirmed.

------

A debdiff shall be attached to this bug shortly for Utopic.

See original description
Thomas Ward (teward) on 2015-02-04
description: updated
Changed in wireshark (Ubuntu):
status: Confirmed → Fix Released
Changed in wireshark (Ubuntu Precise):
status: New → Confirmed
Changed in wireshark (Ubuntu Trusty):
status: New → Confirmed
Changed in wireshark (Ubuntu Utopic):
status: New → Confirmed
Changed in wireshark (Ubuntu Precise):
importance: Undecided → Medium
Changed in wireshark (Ubuntu Utopic):
importance: Undecided → Medium
Changed in wireshark (Ubuntu Trusty):
importance: Undecided → Medium
Thomas Ward (teward) wrote :

Attached here is a Utopic debdiff to address this issue. The patches are pulled directly from Debian Unstable's 1.12.1+g01b65bf-3 package build. (The only patch not pulled is the GTK crash patch - the scope of nitpicking only covered the security fixes.)

There is a test build here (currently building at the time of this debdiff upload): https://launchpad.net/~teward/+archive/ubuntu/wireshark-security/+packages

Changed in wireshark (Ubuntu Precise):
status: Confirmed → New
Thomas Ward (teward) wrote :
Thomas Ward (teward) wrote :

The Debdiff has been updated to handle a patch that made its way in accidentally. I have removed it from the debdiff. This is building in the PPA as 1.12.1+g01b65bf-2~ubuntu14.10.2.1 because it is necessary to increase the version number so it is accepted/built in the PPA.

Marc Deslauriers (mdeslaur) wrote :

ACK on the utopic debdiff, thanks!

Changed in wireshark (Ubuntu Utopic):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wireshark - 1.12.1+g01b65bf-2~ubuntu14.10.2

---------------
wireshark (1.12.1+g01b65bf-2~ubuntu14.10.2) utopic-security; urgency=medium

  * Security Update to Address Multiple CVEs (LP: #1418211)
  * Additional new patches (from 1.12.3) in debian/patches/:
    * 22_1.12.3_fix_LPP_crash.patch: Fix LPP dissector crash.
      (CVE-2015-0561)
    * 23_1.12.3_fix_WCCP_crash_1.patch, 24_1.12.3_fix_WCCP_crash_2.patch:
      Fix WCCP dissector crash. (CVE-2015-0559, CVE-2015-0560)
    * 25_1.12.3_fix_DEC_DNA_crash.patch: Fix DEC DNA Routing Protocol
      dissector crash (CVE-2015-0562)
    * 26_1.12.3_fix_SMTP_crash_1.patch, 27_1.12.3_fix_SMTP_crash_2.patch:
      Fix SMTP dissector crash. (CVE-2015-0563)
    * 28_1.12.3_fix_TLS_crash.patch: Fix TLS/SSL decryption crash.
      (CVE-2015-0564)
 -- Thomas Ward <email address hidden> Wed, 04 Feb 2015 15:49:13 -0500

Changed in wireshark (Ubuntu Utopic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.
Subscribing...

Other bug subscribers