AOSC-Dev / aosc-os-abbs

ABBS/ACBS tree for AOSC OS package metadata, build configuration, scripts, and patches
https://packages.aosc.io
GNU General Public License v2.0

wireshark: security update to 2.6.3 #1360

Closed l2dy closed 6 years ago

l2dy commented 6 years ago

CVE IDs (if any)

CVE-2018-16058, CVE-2018-16056, CVE-2018-16057

Other security advisory IDs (if any)

wnpa-sec-2018-46. Radiotap dissector crash. Fixed in 2.6.3, 2.4.9, 2.2.17.
wnpa-sec-2018-45. Bluetooth Attribute Protocol dissector crash. Fixed in 2.6.3, 2.4.9, 2.2.17.
wnpa-sec-2018-44. Bluetooth AVDTP dissector crash. Fixed in 2.6.3, 2.4.9, 2.2.17. 

Patches (if any)

N/A

PoC(s) (if any)

N/A

Additional descriptions (if applicable)

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Architectural progress

Please remove any architecture to which the security vulnerabilities do not apply.

l2dy commented 6 years ago

Fixed in f11de7d750fef5eb4d774882ba15741d97f6ea25.

MingcongBai commented 6 years ago

Removing non-applicable architectures, "32-bit Optional Environment (optenv32)" and "RISC-V 64-bit (riscv64)".

MingcongBai commented 6 years ago

All architectures ready (https://github.com/AOSC-Dev/aosc-os-abbs/commit/f11de7d750fef5eb4d774882ba15741d97f6ea25). Closing.

l2dy commented 6 years ago

Use AOSA-2018-0393.