ports/171220: [vuxml][patch] net/wireshark: fix DoS in DRDA dissector
Eygene Ryabinkin
rea at FreeBSD.org
Fri Aug 31 20:00:25 UTC 2012
>Number: 171220
>Category: ports
>Synopsis: [vuxml][patch] net/wireshark: fix DoS in DRDA dissector
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 31 20:00:24 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 10.0-CURRENT amd64
>Organization:
Code Labs
>Environment:
System: FreeBSD 10.0-CURRENT amd64
>Description:
Wireshark's DRDA dissector is prone to the infinite loop problem
if specially crafted traffic is fed into it [1].
>How-To-Repeat:
[1] http://www.vuxml.org/freebsd/5415f1b3-f33d-11e1-8bd8-0022156e8794.html
>Fix:
The patch at
http://codelabs.ru/fbsd/ports/wireshark/1.8.2-fix-cve-2012-3548.diff
fixes the issue for me. Here is the quality assurance page:
http://codelabs.ru/fbsd/ports/qa/net/wireshark/1.8.2_1
When you'll be updating the port, please, include the line
{{{
Security: http://www.vuxml.org/freebsd/5415f1b3-f33d-11e1-8bd8-0022156e8794.html
}}}
into the commit log message. The version specification inside
VuXML entry (security/vuxml/vuln.xml) should be changed from "1.9"
to the port version that will receive the fix for this CVE.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list