Debian Bug report logs - #680056
wireshark: CVE-2012-4048: PPP dissector crash/segfault

version graph

Package: wireshark; Maintainer for wireshark is Balint Reczey <balint@balintreczey.hu>; Source for wireshark is src:wireshark.

Reported by: Bjørn Mork <bjorn@mork.no>

Date: Tue, 3 Jul 2012 08:36:02 UTC

Severity: grave

Tags: confirmed, fixed-upstream, security, upstream

Found in versions wireshark/1.2.11-6, wireshark/1.8.0-1

Fixed in versions wireshark/1.8.2-1, wireshark/1.2.11-6+squeeze8

Done: Balint Reczey <balint@balintreczey.hu>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Balint Reczey <balint@balintreczey.hu>:
Bug#680056; Package wireshark. (Tue, 03 Jul 2012 08:36:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bjørn Mork <bjorn@mork.no>:
New Bug report received and forwarded. Copy sent to Balint Reczey <balint@balintreczey.hu>. (Tue, 03 Jul 2012 08:36:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Bjørn Mork <bjorn@mork.no>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wireshark: segfaults when loading usbmon dump
Date: Tue, 03 Jul 2012 10:33:27 +0200
Package: wireshark
Version: 1.8.0-1
Severity: important

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Attempting to load a usbmon dump previously captured by wireshark
version  1.6.8-1 results in a segfault:

 bjorn@nemi:~$ wireshark -r docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump
 Segmentation fault

The dump is of some size, but not that big:

 bjorn@nemi:~$ file docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump
 docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump: tcpdump capture file (little-endian) - version 2.4, capture length 65535)
 bjorn@nemi:~$ ls -lh docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump
 -r--r--r-- 1 bjorn bjorn 41M May 22 17:47 docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump


tshark is able to read the file, but seems to truncate the output
without crashing:

bjorn@nemi:~$ tshark -r docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump|head
  1   0.000000                      host              20.0         USB URB_CONTROL out
  2   0.003208                      20.0              host         USB URB_CONTROL out
  3   0.005203                      20.5              host         USB URB_INTERRUPT in
  4   0.005214                      host              20.0         USB URB_CONTROL in
  5   0.005223                      host              20.5         USB URB_INTERRUPT in
  6   0.006204                      20.0              host         USB URB_CONTROL in
  7   0.032426                      host              20.0         USB URB_CONTROL out
  8   0.035215                      20.0              host         USB URB_CONTROL out
  9   0.039213                      20.5              host         USB URB_INTERRUPT in
 10   0.039221                      host              20.0         USB URB_CONTROL in

bjorn@nemi:~$ tshark -r docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump|tail
56313 132.172335                       1.0              host         USBHUB GET_STATUS Response
56314 132.227996                      host              1.0          USBHUB CLEAR_FEATURE Request
56315 132.228010                       1.0              host         USBHUB CLEAR_FEATURE Response
56316 132.228017                      host              0.0          USB SET ADDRESS Request
56317 132.228583                       0.0              host         USB SET ADDRESS Response
56318 132.247976                      host              23.0         USB GET DESCRIPTOR Request DEVICE
56319 132.248578                      23.0              host         USB GET DESCRIPTOR Response DEVICE
56320 132.248616                      host              23.0         USB GET DESCRIPTOR Request CONFIGURATION
56321 132.249577                      23.0              host         USB GET DESCRIPTOR Response CONFIGURATION
56322 132.249bjorn@nemi:~$ 


I did not notice any of these problems when using this file with 
wireshark version 1.6.8-1



Bjørn

- -- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (700, 'stable'), (600, 'unstable'), (500, 'stable-updates'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.5.0-rc2+ (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages wireshark depends on:
ii  libc6               2.13-33
ii  libcairo2           1.12.2-2
ii  libgdk-pixbuf2.0-0  2.26.1-1
ii  libglib2.0-0        2.32.3-1
ii  libgtk2.0-0         2.24.10-1
ii  libpango1.0-0       1.30.0-1
ii  libpcap0.8          1.3.0-1
ii  libportaudio2       19+svn20111121-1
ii  libwireshark2       1.8.0-1
ii  libwiretap2         1.8.0-1
ii  libwsutil2          1.8.0-1
ii  wireshark-common    1.8.0-1
ii  zlib1g              1:1.2.7.dfsg-13

wireshark recommends no packages.

wireshark suggests no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk/yrlQACgkQ10rqkowbIsmCSgCfScif2UQlQ+OzAegv3A+yUn2D
6w0AoIJp/HMrDdqYqN0MvSc5OpA+L371
=CA+H
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Balint Reczey <balint@balintreczey.hu>:
Bug#680056; Package wireshark. (Tue, 03 Jul 2012 09:15:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to balint@balintreczey.hu:
Extra info received and forwarded to list. Copy sent to Balint Reczey <balint@balintreczey.hu>. (Tue, 03 Jul 2012 09:15:06 GMT) Full text and rfc822 format available.

Message #10 received at 680056@bugs.debian.org (full text, mbox):

From: Bálint Réczey <balint@balintreczey.hu>
To: Bjørn Mork <bjorn@mork.no>, 680056@bugs.debian.org
Subject: Re: Bug#680056: wireshark: segfaults when loading usbmon dump
Date: Tue, 3 Jul 2012 11:11:15 +0200
Hi Bjørn,

Could you please attach the cappture file, the core dump or the
backtrace generated using the wireshark-dbg package?
You can open a private bug at https://bugs.wireshark.org/bugzilla/ if
you don't want to share the capture file here.

Cheers,
Balint


2012/7/3 Bjørn Mork <bjorn@mork.no>:
> Package: wireshark
> Version: 1.8.0-1
> Severity: important
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Attempting to load a usbmon dump previously captured by wireshark
> version  1.6.8-1 results in a segfault:
>
>  bjorn@nemi:~$ wireshark -r docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump
>  Segmentation fault
>
> The dump is of some size, but not that big:
>
>  bjorn@nemi:~$ file docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump
>  docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump: tcpdump capture file (little-endian) - version 2.4, capture length 65535)
>  bjorn@nemi:~$ ls -lh docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump
>  -r--r--r-- 1 bjorn bjorn 41M May 22 17:47 docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump
>
>
> tshark is able to read the file, but seems to truncate the output
> without crashing:
>
> bjorn@nemi:~$ tshark -r docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump|head
>   1   0.000000                      host              20.0         USB URB_CONTROL out
>   2   0.003208                      20.0              host         USB URB_CONTROL out
>   3   0.005203                      20.5              host         USB URB_INTERRUPT in
>   4   0.005214                      host              20.0         USB URB_CONTROL in
>   5   0.005223                      host              20.5         USB URB_INTERRUPT in
>   6   0.006204                      20.0              host         USB URB_CONTROL in
>   7   0.032426                      host              20.0         USB URB_CONTROL out
>   8   0.035215                      20.0              host         USB URB_CONTROL out
>   9   0.039213                      20.5              host         USB URB_INTERRUPT in
>  10   0.039221                      host              20.0         USB URB_CONTROL in
>
> bjorn@nemi:~$ tshark -r docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump|tail
> 56313 132.172335                       1.0              host         USBHUB GET_STATUS Response
> 56314 132.227996                      host              1.0          USBHUB CLEAR_FEATURE Request
> 56315 132.228010                       1.0              host         USBHUB CLEAR_FEATURE Response
> 56316 132.228017                      host              0.0          USB SET ADDRESS Request
> 56317 132.228583                       0.0              host         USB SET ADDRESS Response
> 56318 132.247976                      host              23.0         USB GET DESCRIPTOR Request DEVICE
> 56319 132.248578                      23.0              host         USB GET DESCRIPTOR Response DEVICE
> 56320 132.248616                      host              23.0         USB GET DESCRIPTOR Request CONFIGURATION
> 56321 132.249577                      23.0              host         USB GET DESCRIPTOR Response CONFIGURATION
> 56322 132.249bjorn@nemi:~$
>
>
> I did not notice any of these problems when using this file with
> wireshark version 1.6.8-1
>
>
>
> Bjørn
>
> - -- System Information:
> Debian Release: wheezy/sid
>   APT prefers testing
>   APT policy: (990, 'testing'), (700, 'stable'), (600, 'unstable'), (500, 'stable-updates'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 3.5.0-rc2+ (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages wireshark depends on:
> ii  libc6               2.13-33
> ii  libcairo2           1.12.2-2
> ii  libgdk-pixbuf2.0-0  2.26.1-1
> ii  libglib2.0-0        2.32.3-1
> ii  libgtk2.0-0         2.24.10-1
> ii  libpango1.0-0       1.30.0-1
> ii  libpcap0.8          1.3.0-1
> ii  libportaudio2       19+svn20111121-1
> ii  libwireshark2       1.8.0-1
> ii  libwiretap2         1.8.0-1
> ii  libwsutil2          1.8.0-1
> ii  wireshark-common    1.8.0-1
> ii  zlib1g              1:1.2.7.dfsg-13
>
> wireshark recommends no packages.
>
> wireshark suggests no packages.
>
> - -- no debconf information
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iEYEARECAAYFAk/yrlQACgkQ10rqkowbIsmCSgCfScif2UQlQ+OzAegv3A+yUn2D
> 6w0AoIJp/HMrDdqYqN0MvSc5OpA+L371
> =CA+H
> -----END PGP SIGNATURE-----
>
>

Information forwarded to debian-bugs-dist@lists.debian.org, Balint Reczey <balint@balintreczey.hu>:
Bug#680056; Package wireshark. (Tue, 03 Jul 2012 09:24:38 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bjørn Mork <bjorn@mork.no>:
Extra info received and forwarded to list. Copy sent to Balint Reczey <balint@balintreczey.hu>. (Tue, 03 Jul 2012 09:24:42 GMT) Full text and rfc822 format available.

Message #15 received at 680056@bugs.debian.org (full text, mbox):

From: Bjørn Mork <bjorn@mork.no>
To: 680056@bugs.debian.org
Subject: sample single frame dump causing the crash
Date: Tue, 03 Jul 2012 11:10:38 +0200
[Message part 1 (text/plain, inline)]
I found that cutting parts of the dump produced files which wireshark
loaded just fine.  Used this to locate a single frame causing a crash:

 tshark -R 'frame.number eq 22308' -r ~/docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump -w /tmp/new.dump

bjorn@nemi:~$ wireshark -r /tmp/new.dump 
*** glibc detected *** wireshark: munmap_chunk(): invalid pointer: 0x00007f62d2240b50 ***
Segmentation fault


tshark does not seem to have problems displying this frame:

bjorn@nemi:~$ tshark -Vx -r /tmp/new.dump 
Frame 1: 77 bytes on wire (616 bits), 77 bytes captured (616 bits) on interface 0
    Interface id: 0
    WTAP_ENCAP: 115
    Arrival Time: May 22, 2012 17:40:39.353960000 CEST
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1337701239.353960000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 77 bytes (616 bits)
    Capture Length: 77 bytes (616 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: usb:ppp:crtp]
USB URB
    URB id: 0xffff8801fc40a600
    URB type: URB_SUBMIT ('S')
    URB transfer type: URB_BULK (0x03)
    Endpoint: 0x01, Direction: OUT
        0... .... = Direction: OUT (0)
        .000 0001 = Endpoint value: 1
    Device: 21
    URB bus id: 2
    Device setup request: not relevant ('-')
    Data: present (0)
    URB sec: 1337701239
    URB usec: 353960
    URB status: Operation now in progress (-EINPROGRESS) (-115)
    URB length [bytes]: 13
    Data length [bytes]: 13
    [bInterfaceClass: Unknown (0xffff)]
Point-to-Point Protocol
    Protocol: RTP IPHC Full Header (0x0061)
RTP IPHC Full Header
    01.. .... = Flags: 8-bit Context Id (0x01)
    ..00 1001 = Generation: 9
    IP version is 13: the only supported version is 4

0000  00 a6 40 fc 01 88 ff ff 53 03 01 15 02 00 2d 00   ..@.....S.....-.
0010  77 b3 bb 4f 00 00 00 00 a8 66 05 00 8d ff ff ff   w..O.....f......
0020  0d 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00   ................
0030  00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00   ........@.......
0040  7e 61 d5 9f 49 98 c1 00 5a 00 40 00 75            ~a..I...Z.@.u


bjorn@nemi:~$ ls -l /tmp/new.dump 
-rw-r--r-- 1 bjorn bjorn 192 Jul  3 11:02 /tmp/new.dump
bjorn@nemi:~$ file /tmp/new.dump 
/tmp/new.dump: pcap-ng capture file - version 1.0
bjorn@nemi:~$ hexdump -C /tmp/new.dump 
00000000  0a 0d 0d 0a 30 00 00 00  4d 3c 2b 1a 01 00 00 00  |....0...M<+.....|
00000010  ff ff ff ff ff ff ff ff  04 00 0c 00 54 53 68 61  |............TSha|
00000020  72 6b 20 31 2e 38 2e 30  00 00 00 00 30 00 00 00  |rk 1.8.0....0...|
00000030  01 00 00 00 20 00 00 00  dc 00 00 00 ff ff 00 00  |.... ...........|
00000040  09 00 01 00 06 00 00 00  00 00 00 00 20 00 00 00  |............ ...|
00000050  06 00 00 00 70 00 00 00  00 00 00 00 a1 c0 04 00  |....p...........|
00000060  68 f2 2f d7 4d 00 00 00  4d 00 00 00 00 a6 40 fc  |h./.M...M.....@.|
00000070  01 88 ff ff 53 03 01 15  02 00 2d 00 77 b3 bb 4f  |....S.....-.w..O|
00000080  00 00 00 00 a8 66 05 00  8d ff ff ff 0d 00 00 00  |.....f..........|
00000090  0d 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000a0  00 00 00 00 40 00 00 00  00 00 00 00 7e 61 d5 9f  |....@.......~a..|
000000b0  49 98 c1 00 5a 00 40 00  75 00 00 00 70 00 00 00  |I...Z.@.u...p...|
000000c0


Hope this helps reproducing the bug.



Bjørn

[new.dump (application/octet-stream, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Balint Reczey <balint@balintreczey.hu>:
Bug#680056; Package wireshark. (Tue, 03 Jul 2012 09:40:16 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bjørn Mork <bjorn@mork.no>:
Extra info received and forwarded to list. Copy sent to Balint Reczey <balint@balintreczey.hu>. (Tue, 03 Jul 2012 09:40:20 GMT) Full text and rfc822 format available.

Message #20 received at 680056@bugs.debian.org (full text, mbox):

From: Bjørn Mork <bjorn@mork.no>
To: balint@balintreczey.hu
Cc: 680056@bugs.debian.org
Subject: Re: Bug#680056: wireshark: segfaults when loading usbmon dump
Date: Tue, 03 Jul 2012 11:36:51 +0200
Bálint Réczey <balint@balintreczey.hu> writes:

> Could you please attach the cappture file, the core dump or the
> backtrace generated using the wireshark-dbg package?

bjorn@nemi:~$ gdb wireshark
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/wireshark...Reading symbols from /usr/lib/debug/.build-id/da/41d96104edb59789cb0b5e81cbb01d85823973.debug...done.
done.
(gdb) set pagination 0
(gdb) run -r /tmp/new.dump
Starting program: /usr/bin/wireshark -r /tmp/new.dump
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe130b700 (LWP 6509)]
[Thread 0x7fffe130b700 (LWP 6509) exited]
[New Thread 0x7fffe0b0a700 (LWP 6510)]
[New Thread 0x7fffe0309700 (LWP 6511)]
[Thread 0x7fffe0b0a700 (LWP 6510) exited]
[Thread 0x7fffe0309700 (LWP 6511) exited]
[New Thread 0x7fffdfb08700 (LWP 6512)]
[New Thread 0x7fffdf307700 (LWP 6513)]
[New Thread 0x7fffdeb06700 (LWP 6514)]
[Thread 0x7fffdfb08700 (LWP 6512) exited]
[Thread 0x7fffdeb06700 (LWP 6514) exited]
[Thread 0x7fffdf307700 (LWP 6513) exited]
[New Thread 0x7fffde305700 (LWP 6516)]
[Thread 0x7fffde305700 (LWP 6516) exited]
[New Thread 0x7fffddb04700 (LWP 6517)]
[New Thread 0x7fffdd303700 (LWP 6518)]
[New Thread 0x7fffdcb02700 (LWP 6519)]
[New Thread 0x7fffd7fff700 (LWP 6520)]
[Thread 0x7fffddb04700 (LWP 6517) exited]
[Thread 0x7fffdd303700 (LWP 6518) exited]
[Thread 0x7fffd7fff700 (LWP 6520) exited]
[New Thread 0x7fffd77fe700 (LWP 6521)]
[Thread 0x7fffdcb02700 (LWP 6519) exited]
[New Thread 0x7fffd6ffd700 (LWP 6522)]
[Thread 0x7fffd77fe700 (LWP 6521) exited]
[New Thread 0x7fffd67fc700 (LWP 6523)]
[New Thread 0x7fffd5ffb700 (LWP 6524)]
[Thread 0x7fffd5ffb700 (LWP 6524) exited]
[Thread 0x7fffd67fc700 (LWP 6523) exited]
[Thread 0x7fffd6ffd700 (LWP 6522) exited]
[New Thread 0x7fffd57fa700 (LWP 6525)]
[New Thread 0x7fffd4ff9700 (LWP 6526)]
[Thread 0x7fffd57fa700 (LWP 6525) exited]
[New Thread 0x7fffd47f8700 (LWP 6527)]
[New Thread 0x7fffd3ff7700 (LWP 6528)]
[Thread 0x7fffd47f8700 (LWP 6527) exited]
[Thread 0x7fffd4ff9700 (LWP 6526) exited]
[New Thread 0x7fffd37f6700 (LWP 6529)]
[Thread 0x7fffd3ff7700 (LWP 6528) exited]
[New Thread 0x7fffd2ff5700 (LWP 6530)]
[Thread 0x7fffd37f6700 (LWP 6529) exited]
[Thread 0x7fffd2ff5700 (LWP 6530) exited]
[New Thread 0x7fffd27f4700 (LWP 6531)]
[New Thread 0x7fffd1ff3700 (LWP 6532)]
[Thread 0x7fffd1ff3700 (LWP 6532) exited]
[Thread 0x7fffd27f4700 (LWP 6531) exited]
[New Thread 0x7fffd17f2700 (LWP 6533)]
[New Thread 0x7fffd0ff1700 (LWP 6534)]
[Thread 0x7fffd17f2700 (LWP 6533) exited]
[New Thread 0x7fffd07f0700 (LWP 6535)]
[New Thread 0x7fffcffef700 (LWP 6536)]
[New Thread 0x7fffcf7ee700 (LWP 6537)]
[Thread 0x7fffcffef700 (LWP 6536) exited]
[Thread 0x7fffd0ff1700 (LWP 6534) exited]
[Thread 0x7fffd07f0700 (LWP 6535) exited]
[New Thread 0x7fffcefed700 (LWP 6538)]
[Thread 0x7fffcf7ee700 (LWP 6537) exited]
[New Thread 0x7fffce7ec700 (LWP 6539)]
[Thread 0x7fffce7ec700 (LWP 6539) exited]
[New Thread 0x7fffcdfeb700 (LWP 6540)]
[New Thread 0x7fffcd7ea700 (LWP 6541)]
[Thread 0x7fffcefed700 (LWP 6538) exited]
[Thread 0x7fffcdfeb700 (LWP 6540) exited]
[New Thread 0x7fffccfe9700 (LWP 6542)]
[Thread 0x7fffcd7ea700 (LWP 6541) exited]
[New Thread 0x7fffcc7e8700 (LWP 6543)]
[Thread 0x7fffccfe9700 (LWP 6542) exited]
[New Thread 0x7fffcbfe7700 (LWP 6544)]
[New Thread 0x7fffcb7e6700 (LWP 6545)]
[Thread 0x7fffcb7e6700 (LWP 6545) exited]
[Thread 0x7fffcbfe7700 (LWP 6544) exited]
[Thread 0x7fffcc7e8700 (LWP 6543) exited]
[New Thread 0x7fffcafe5700 (LWP 6546)]
[New Thread 0x7fffca7e4700 (LWP 6547)]
[New Thread 0x7fffc9fe3700 (LWP 6548)]
[New Thread 0x7fffc97e2700 (LWP 6549)]
[Thread 0x7fffc97e2700 (LWP 6549) exited]
[New Thread 0x7fffc8fe1700 (LWP 6550)]
[Thread 0x7fffc9fe3700 (LWP 6548) exited]
[Thread 0x7fffcafe5700 (LWP 6546) exited]
[Thread 0x7fffca7e4700 (LWP 6547) exited]
[New Thread 0x7fffc87e0700 (LWP 6551)]
[Thread 0x7fffc8fe1700 (LWP 6550) exited]
[New Thread 0x7fffc7fdf700 (LWP 6552)]
[Thread 0x7fffc87e0700 (LWP 6551) exited]
[New Thread 0x7fffc77de700 (LWP 6553)]
[Thread 0x7fffc7fdf700 (LWP 6552) exited]
[New Thread 0x7fffc6fdd700 (LWP 6554)]
[Thread 0x7fffc77de700 (LWP 6553) exited]
[Thread 0x7fffc6fdd700 (LWP 6554) exited]
[New Thread 0x7fffc67dc700 (LWP 6555)]
[New Thread 0x7fffc5fdb700 (LWP 6556)]
[Thread 0x7fffc67dc700 (LWP 6555) exited]
[Thread 0x7fffc5fdb700 (LWP 6556) exited]
[New Thread 0x7fffc57da700 (LWP 6557)]
[New Thread 0x7fffc4fd9700 (LWP 6558)]
[Thread 0x7fffc4fd9700 (LWP 6558) exited]
[New Thread 0x7fffc47d8700 (LWP 6559)]
[New Thread 0x7fffc3fd7700 (LWP 6560)]
[Thread 0x7fffc47d8700 (LWP 6559) exited]
[Thread 0x7fffc57da700 (LWP 6557) exited]
[New Thread 0x7fffc37d6700 (LWP 6561)]
[New Thread 0x7fffc2fd5700 (LWP 6562)]
[Thread 0x7fffc3fd7700 (LWP 6560) exited]
[New Thread 0x7fffc27d4700 (LWP 6563)]
[Thread 0x7fffc37d6700 (LWP 6561) exited]
[Thread 0x7fffc2fd5700 (LWP 6562) exited]
[New Thread 0x7fffc1fd3700 (LWP 6564)]
[Thread 0x7fffc27d4700 (LWP 6563) exited]
[Thread 0x7fffc1fd3700 (LWP 6564) exited]
[New Thread 0x7fffc17d2700 (LWP 6565)]
*** glibc detected *** /usr/bin/wireshark: munmap_chunk(): invalid pointer: 0x0000555556d98f30 ***

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff1a9adbd in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x00007ffff1a9adbd in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007ffff1a9d2a4 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007ffff1a9ef42 in calloc () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007ffff7de7abf in ?? () from /lib64/ld-linux-x86-64.so.2
#4  0x00007ffff7de3126 in ?? () from /lib64/ld-linux-x86-64.so.2
#5  0x00007ffff7de495a in ?? () from /lib64/ld-linux-x86-64.so.2
#6  0x00007ffff7def10e in ?? () from /lib64/ld-linux-x86-64.so.2
#7  0x00007ffff7deabd6 in ?? () from /lib64/ld-linux-x86-64.so.2
#8  0x00007ffff7deeb4a in ?? () from /lib64/ld-linux-x86-64.so.2
#9  0x00007ffff1b33d00 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#10 0x00007ffff7deabd6 in ?? () from /lib64/ld-linux-x86-64.so.2
#11 0x00007ffff1b33d9f in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#12 0x00007ffff1b33e97 in __libc_dlopen_mode () from /lib/x86_64-linux-gnu/libc.so.6
#13 0x00007ffff1b11fc5 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#14 0x00007ffff1db8830 in pthread_once () from /lib/x86_64-linux-gnu/libpthread.so.0
#15 0x00007ffff1b120c4 in backtrace () from /lib/x86_64-linux-gnu/libc.so.6
#16 0x00007ffff1a9130f in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#17 0x00007ffff1a9ab46 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#18 0x00005555555f2dfa in cf_read (cf=cf@entry=0x5555559a9540, reloading=reloading@entry=0) at file.c:642
#19 0x00005555555e1b3d in main (argc=0, argv=0x7fffffffe370) at main.c:3049
(gdb)

Not sure if that was too useful... Anything else I should have done
here? 



> You can open a private bug at https://bugs.wireshark.org/bugzilla/ if
> you don't want to share the capture file here.

I cannot share the original dump as it contains firmware provided under
NDA.  But I hope that the single packet dump I provided is sufficient to
track down this bug.



Bjørn




Information forwarded to debian-bugs-dist@lists.debian.org, Balint Reczey <balint@balintreczey.hu>:
Bug#680056; Package wireshark. (Wed, 04 Jul 2012 07:48:19 GMT) Full text and rfc822 format available.

Acknowledgement sent to balint@balintreczey.hu:
Extra info received and forwarded to list. Copy sent to Balint Reczey <balint@balintreczey.hu>. (Wed, 04 Jul 2012 07:48:19 GMT) Full text and rfc822 format available.

Message #25 received at 680056@bugs.debian.org (full text, mbox):

From: Bálint Réczey <balint@balintreczey.hu>
To: Bjørn Mork <bjorn@mork.no>
Cc: 680056@bugs.debian.org
Subject: Re: Bug#680056: wireshark: segfaults when loading usbmon dump
Date: Wed, 4 Jul 2012 09:30:29 +0200
Hi Bjørn,

2012/7/3 Bjørn Mork <bjorn@mork.no>:
> Bálint Réczey <balint@balintreczey.hu> writes:
>
>> Could you please attach the cappture file, the core dump or the
>> backtrace generated using the wireshark-dbg package?
>
> bjorn@nemi:~$ gdb wireshark
> GNU gdb (GDB) 7.4.1-debian
> Copyright (C) 2012 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/bin/wireshark...Reading symbols from /usr/lib/debug/.build-id/da/41d96104edb59789cb0b5e81cbb01d85823973.debug...done.
> done.
> (gdb) set pagination 0
> (gdb) run -r /tmp/new.dump
> Starting program: /usr/bin/wireshark -r /tmp/new.dump
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> [New Thread 0x7fffe130b700 (LWP 6509)]
> [Thread 0x7fffe130b700 (LWP 6509) exited]
> [New Thread 0x7fffe0b0a700 (LWP 6510)]
> [New Thread 0x7fffe0309700 (LWP 6511)]
> [Thread 0x7fffe0b0a700 (LWP 6510) exited]
> [Thread 0x7fffe0309700 (LWP 6511) exited]
> [New Thread 0x7fffdfb08700 (LWP 6512)]
> [New Thread 0x7fffdf307700 (LWP 6513)]
> [New Thread 0x7fffdeb06700 (LWP 6514)]
> [Thread 0x7fffdfb08700 (LWP 6512) exited]
> [Thread 0x7fffdeb06700 (LWP 6514) exited]
> [Thread 0x7fffdf307700 (LWP 6513) exited]
> [New Thread 0x7fffde305700 (LWP 6516)]
> [Thread 0x7fffde305700 (LWP 6516) exited]
> [New Thread 0x7fffddb04700 (LWP 6517)]
> [New Thread 0x7fffdd303700 (LWP 6518)]
> [New Thread 0x7fffdcb02700 (LWP 6519)]
> [New Thread 0x7fffd7fff700 (LWP 6520)]
> [Thread 0x7fffddb04700 (LWP 6517) exited]
> [Thread 0x7fffdd303700 (LWP 6518) exited]
> [Thread 0x7fffd7fff700 (LWP 6520) exited]
> [New Thread 0x7fffd77fe700 (LWP 6521)]
> [Thread 0x7fffdcb02700 (LWP 6519) exited]
> [New Thread 0x7fffd6ffd700 (LWP 6522)]
> [Thread 0x7fffd77fe700 (LWP 6521) exited]
> [New Thread 0x7fffd67fc700 (LWP 6523)]
> [New Thread 0x7fffd5ffb700 (LWP 6524)]
> [Thread 0x7fffd5ffb700 (LWP 6524) exited]
> [Thread 0x7fffd67fc700 (LWP 6523) exited]
> [Thread 0x7fffd6ffd700 (LWP 6522) exited]
> [New Thread 0x7fffd57fa700 (LWP 6525)]
> [New Thread 0x7fffd4ff9700 (LWP 6526)]
> [Thread 0x7fffd57fa700 (LWP 6525) exited]
> [New Thread 0x7fffd47f8700 (LWP 6527)]
> [New Thread 0x7fffd3ff7700 (LWP 6528)]
> [Thread 0x7fffd47f8700 (LWP 6527) exited]
> [Thread 0x7fffd4ff9700 (LWP 6526) exited]
> [New Thread 0x7fffd37f6700 (LWP 6529)]
> [Thread 0x7fffd3ff7700 (LWP 6528) exited]
> [New Thread 0x7fffd2ff5700 (LWP 6530)]
> [Thread 0x7fffd37f6700 (LWP 6529) exited]
> [Thread 0x7fffd2ff5700 (LWP 6530) exited]
> [New Thread 0x7fffd27f4700 (LWP 6531)]
> [New Thread 0x7fffd1ff3700 (LWP 6532)]
> [Thread 0x7fffd1ff3700 (LWP 6532) exited]
> [Thread 0x7fffd27f4700 (LWP 6531) exited]
> [New Thread 0x7fffd17f2700 (LWP 6533)]
> [New Thread 0x7fffd0ff1700 (LWP 6534)]
> [Thread 0x7fffd17f2700 (LWP 6533) exited]
> [New Thread 0x7fffd07f0700 (LWP 6535)]
> [New Thread 0x7fffcffef700 (LWP 6536)]
> [New Thread 0x7fffcf7ee700 (LWP 6537)]
> [Thread 0x7fffcffef700 (LWP 6536) exited]
> [Thread 0x7fffd0ff1700 (LWP 6534) exited]
> [Thread 0x7fffd07f0700 (LWP 6535) exited]
> [New Thread 0x7fffcefed700 (LWP 6538)]
> [Thread 0x7fffcf7ee700 (LWP 6537) exited]
> [New Thread 0x7fffce7ec700 (LWP 6539)]
> [Thread 0x7fffce7ec700 (LWP 6539) exited]
> [New Thread 0x7fffcdfeb700 (LWP 6540)]
> [New Thread 0x7fffcd7ea700 (LWP 6541)]
> [Thread 0x7fffcefed700 (LWP 6538) exited]
> [Thread 0x7fffcdfeb700 (LWP 6540) exited]
> [New Thread 0x7fffccfe9700 (LWP 6542)]
> [Thread 0x7fffcd7ea700 (LWP 6541) exited]
> [New Thread 0x7fffcc7e8700 (LWP 6543)]
> [Thread 0x7fffccfe9700 (LWP 6542) exited]
> [New Thread 0x7fffcbfe7700 (LWP 6544)]
> [New Thread 0x7fffcb7e6700 (LWP 6545)]
> [Thread 0x7fffcb7e6700 (LWP 6545) exited]
> [Thread 0x7fffcbfe7700 (LWP 6544) exited]
> [Thread 0x7fffcc7e8700 (LWP 6543) exited]
> [New Thread 0x7fffcafe5700 (LWP 6546)]
> [New Thread 0x7fffca7e4700 (LWP 6547)]
> [New Thread 0x7fffc9fe3700 (LWP 6548)]
> [New Thread 0x7fffc97e2700 (LWP 6549)]
> [Thread 0x7fffc97e2700 (LWP 6549) exited]
> [New Thread 0x7fffc8fe1700 (LWP 6550)]
> [Thread 0x7fffc9fe3700 (LWP 6548) exited]
> [Thread 0x7fffcafe5700 (LWP 6546) exited]
> [Thread 0x7fffca7e4700 (LWP 6547) exited]
> [New Thread 0x7fffc87e0700 (LWP 6551)]
> [Thread 0x7fffc8fe1700 (LWP 6550) exited]
> [New Thread 0x7fffc7fdf700 (LWP 6552)]
> [Thread 0x7fffc87e0700 (LWP 6551) exited]
> [New Thread 0x7fffc77de700 (LWP 6553)]
> [Thread 0x7fffc7fdf700 (LWP 6552) exited]
> [New Thread 0x7fffc6fdd700 (LWP 6554)]
> [Thread 0x7fffc77de700 (LWP 6553) exited]
> [Thread 0x7fffc6fdd700 (LWP 6554) exited]
> [New Thread 0x7fffc67dc700 (LWP 6555)]
> [New Thread 0x7fffc5fdb700 (LWP 6556)]
> [Thread 0x7fffc67dc700 (LWP 6555) exited]
> [Thread 0x7fffc5fdb700 (LWP 6556) exited]
> [New Thread 0x7fffc57da700 (LWP 6557)]
> [New Thread 0x7fffc4fd9700 (LWP 6558)]
> [Thread 0x7fffc4fd9700 (LWP 6558) exited]
> [New Thread 0x7fffc47d8700 (LWP 6559)]
> [New Thread 0x7fffc3fd7700 (LWP 6560)]
> [Thread 0x7fffc47d8700 (LWP 6559) exited]
> [Thread 0x7fffc57da700 (LWP 6557) exited]
> [New Thread 0x7fffc37d6700 (LWP 6561)]
> [New Thread 0x7fffc2fd5700 (LWP 6562)]
> [Thread 0x7fffc3fd7700 (LWP 6560) exited]
> [New Thread 0x7fffc27d4700 (LWP 6563)]
> [Thread 0x7fffc37d6700 (LWP 6561) exited]
> [Thread 0x7fffc2fd5700 (LWP 6562) exited]
> [New Thread 0x7fffc1fd3700 (LWP 6564)]
> [Thread 0x7fffc27d4700 (LWP 6563) exited]
> [Thread 0x7fffc1fd3700 (LWP 6564) exited]
> [New Thread 0x7fffc17d2700 (LWP 6565)]
> *** glibc detected *** /usr/bin/wireshark: munmap_chunk(): invalid pointer: 0x0000555556d98f30 ***
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff1a9adbd in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> (gdb) bt
> #0  0x00007ffff1a9adbd in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> #1  0x00007ffff1a9d2a4 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> #2  0x00007ffff1a9ef42 in calloc () from /lib/x86_64-linux-gnu/libc.so.6
> #3  0x00007ffff7de7abf in ?? () from /lib64/ld-linux-x86-64.so.2
> #4  0x00007ffff7de3126 in ?? () from /lib64/ld-linux-x86-64.so.2
> #5  0x00007ffff7de495a in ?? () from /lib64/ld-linux-x86-64.so.2
> #6  0x00007ffff7def10e in ?? () from /lib64/ld-linux-x86-64.so.2
> #7  0x00007ffff7deabd6 in ?? () from /lib64/ld-linux-x86-64.so.2
> #8  0x00007ffff7deeb4a in ?? () from /lib64/ld-linux-x86-64.so.2
> #9  0x00007ffff1b33d00 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> #10 0x00007ffff7deabd6 in ?? () from /lib64/ld-linux-x86-64.so.2
> #11 0x00007ffff1b33d9f in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> #12 0x00007ffff1b33e97 in __libc_dlopen_mode () from /lib/x86_64-linux-gnu/libc.so.6
> #13 0x00007ffff1b11fc5 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> #14 0x00007ffff1db8830 in pthread_once () from /lib/x86_64-linux-gnu/libpthread.so.0
> #15 0x00007ffff1b120c4 in backtrace () from /lib/x86_64-linux-gnu/libc.so.6
> #16 0x00007ffff1a9130f in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> #17 0x00007ffff1a9ab46 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> #18 0x00005555555f2dfa in cf_read (cf=cf@entry=0x5555559a9540, reloading=reloading@entry=0) at file.c:642
> #19 0x00005555555e1b3d in main (argc=0, argv=0x7fffffffe370) at main.c:3049
> (gdb)
>
> Not sure if that was too useful... Anything else I should have done
> here?
It is useful but strange. :-)
Let me set up an amd64 box to reproduce it. Thanks for the capture
file with one packet.

>
>
>
>> You can open a private bug at https://bugs.wireshark.org/bugzilla/ if
>> you don't want to share the capture file here.
>
> I cannot share the original dump as it contains firmware provided under
> NDA.  But I hope that the single packet dump I provided is sufficient to
> track down this bug.
It should be enough.

Cheers,
Balint

>
>
>
> Bjørn




Added tag(s) upstream, confirmed, and fixed-upstream. Request was from Bálint Réczey <balint@balintreczey.hu> to control@bugs.debian.org. (Thu, 19 Jul 2012 07:06:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Balint Reczey <balint@balintreczey.hu>:
Bug#680056; Package wireshark. (Tue, 24 Jul 2012 07:00:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Henri Salo <henri@nerv.fi>:
Extra info received and forwarded to list. Copy sent to Balint Reczey <balint@balintreczey.hu>. (Tue, 24 Jul 2012 07:00:03 GMT) Full text and rfc822 format available.

Message #32 received at 680056@bugs.debian.org (full text, mbox):

From: Henri Salo <henri@nerv.fi>
To: 680056@bugs.debian.org
Subject: CVE assigned
Date: Tue, 24 Jul 2012 09:49:33 +0300
Hello,

CVE-identifier CVE-2012-4048 has been assigned in here http://www.openwall.com/lists/oss-security/2012/07/24/1 for this issue.

- Henri Salo



Changed Bug title to 'wireshark: CVE-2012-4048: PPP dissector crash/segfault' from 'wireshark: segfaults when loading usbmon dump' Request was from Henri Salo <henri@nerv.fi> to control@bugs.debian.org. (Tue, 24 Jul 2012 07:00:05 GMT) Full text and rfc822 format available.

Added tag(s) security. Request was from Henri Salo <henri@nerv.fi> to control@bugs.debian.org. (Tue, 24 Jul 2012 07:00:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Balint Reczey <balint@balintreczey.hu>:
Bug#680056; Package wireshark. (Wed, 25 Jul 2012 10:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to balint@balintreczey.hu:
Extra info received and forwarded to list. Copy sent to Balint Reczey <balint@balintreczey.hu>. (Wed, 25 Jul 2012 10:54:03 GMT) Full text and rfc822 format available.

Message #41 received at 680056@bugs.debian.org (full text, mbox):

From: Bálint Réczey <balint@balintreczey.hu>
To: 680056@bugs.debian.org
Cc: control <control@bugs.debian.org>
Subject: Freeze exception request has been sent
Date: Wed, 25 Jul 2012 12:51:17 +0200
block 680056 by 682686
thanks

Freeze exception request has been sent:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682686

Cheers,
Balint



Added blocking bug(s) of 680056: 682686 Request was from Bálint Réczey <balint@balintreczey.hu> to control@bugs.debian.org. (Wed, 25 Jul 2012 10:54:05 GMT) Full text and rfc822 format available.

Severity set to 'grave' from 'important' Request was from Bálint Réczey <balint@balintreczey.hu> to control@bugs.debian.org. (Sat, 11 Aug 2012 15:21:07 GMT) Full text and rfc822 format available.

Marked as found in versions wireshark/1.2.11-6. Request was from Bálint Réczey <balint@balintreczey.hu> to control@bugs.debian.org. (Sat, 11 Aug 2012 15:21:08 GMT) Full text and rfc822 format available.

Reply sent to Balint Reczey <balint@balintreczey.hu>:
You have taken responsibility. (Sun, 19 Aug 2012 15:24:03 GMT) Full text and rfc822 format available.

Notification sent to Bjørn Mork <bjorn@mork.no>:
Bug acknowledged by developer. (Sun, 19 Aug 2012 15:24:03 GMT) Full text and rfc822 format available.

Message #52 received at 680056-close@bugs.debian.org (full text, mbox):

From: Balint Reczey <balint@balintreczey.hu>
To: 680056-close@bugs.debian.org
Subject: Bug#680056: fixed in wireshark 1.8.2-1
Date: Sun, 19 Aug 2012 15:20:50 +0000
Source: wireshark
Source-Version: 1.8.2-1

We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 680056@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Balint Reczey <balint@balintreczey.hu> (supplier of updated wireshark package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 19 Aug 2012 14:30:56 +0200
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg wireshark-doc libwireshark2 libwsutil2 libwsutil-dev libwireshark-data libwireshark-dev libwiretap2 libwiretap-dev
Architecture: source all i386
Version: 1.8.2-1
Distribution: unstable
Urgency: high
Maintainer: Balint Reczey <balint@balintreczey.hu>
Changed-By: Balint Reczey <balint@balintreczey.hu>
Description: 
 libwireshark-data - network packet dissection library -- data files
 libwireshark-dev - network packet dissection library -- development files
 libwireshark2 - network packet dissection library -- shared library
 libwiretap-dev - network packet capture library -- development files
 libwiretap2 - network packet capture library -- shared library
 libwsutil-dev - network packet dissection utilities library -- shared library
 libwsutil2 - network packet dissection utilities library -- shared library
 tshark     - network traffic analyzer - console version
 wireshark  - network traffic analyzer - GTK+ version
 wireshark-common - network traffic analyzer - common files
 wireshark-dbg - network traffic analyzer - debug symbols
 wireshark-dev - network traffic analyzer - development tools
 wireshark-doc - network traffic analyzer - documentation
Closes: 680056
Changes: 
 wireshark (1.8.2-1) unstable; urgency=high
 .
   * New upstream release 1.8.2 (skipping 1.8.1 in Debian)
     - release notes:
       http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html
     - security fixes:
       - The PPP dissector could crash (Closes: #680056)(CVE-2012-4048)
       - The NFS dissector could use excessive amounts of CPU (CVE-2012-4049)
       - The DCP ETSI dissector could trigger a zero division. Reported by
          Laurent Butti. (CVE-2012-4285)
       - The MongoDB dissector could go into a large loop. Reported by
 	 Ben Schmidt. (CVE-2012-4287)
       - The XTP dissector could go into an infinite loop. Reported by
 	 Ben Schmidt. (CVE-2012-4288)
       - The ERF dissector could overflow a buffer. Reported by
 	 Laurent Butti. (CVE-2012-4294 CVE-2012-4295)
       - The AFP dissector could go into a large loop. Reported by
 	 Stefan Cornelius. (CVE-2012-4289)
       - The RTPS2 dissector could overflow a buffer. Reported by
 	 Laurent Butti. (CVE-2012-4296)
       - The GSM RLC MAC dissector could overflow a buffer. Reported by
 	 Laurent Butti. (CVE-2012-4297)
       - The CIP dissector could exhaust system memory. Reported by
 	 Ben Schmidt. (CVE-2012-4291)
       - The STUN dissector could crash. Reported by Laurent Butti.
 	 (CVE-2012-4292)
       - The EtherCAT Mailbox dissector could abort. Reported by
 	 Laurent Butti. (CVE-2012-4293)
       - The CTDB dissector could go into a large loop. Reported by
 	 Ben Schmidt. (CVE-2012-4290)
       - The pcap-ng file parser could trigger a zero division (CVE-2012-4286)
       - The Ixia IxVeriWave file parser could overflow a buffer
 	 (CVE-2012-4298)
Checksums-Sha1: 
 822d88c9e43d6e102d504deb74647b1ccbeb26a2 2288 wireshark_1.8.2-1.dsc
 4737d9745dbf002444ea42615243abf3bb80b943 24121798 wireshark_1.8.2.orig.tar.bz2
 86f005ed637edd320e7ba9a31041876d70bee1ad 59702 wireshark_1.8.2-1.debian.tar.gz
 1667fb9bada7a163ce4b20b26fba41f7398df8e5 3883092 wireshark-doc_1.8.2-1_all.deb
 3950390de808b555a03ed3c5ce8a44c68920d6d5 1221878 libwireshark-data_1.8.2-1_all.deb
 f0ac42b07409870529b2a81633e983d8ab82fa46 226848 wireshark-common_1.8.2-1_i386.deb
 c88dcaa4eeba25a3ee1cb08f4805ed97ef44a100 950268 wireshark_1.8.2-1_i386.deb
 926a24f0fdae32b7b3b9f508b93c8349ec116130 179328 tshark_1.8.2-1_i386.deb
 db86b5cda5c1e7b62af646c75c4ace89fd89f861 177286 wireshark-dev_1.8.2-1_i386.deb
 450ee079a932293bf5d561fb10f233dd1ddc6af8 25970680 wireshark-dbg_1.8.2-1_i386.deb
 d9e4cae8f88d71c1dee17e0ce0cca92301740d4d 11206524 libwireshark2_1.8.2-1_i386.deb
 f8cd8aa0807c70d430e2f082e058faec441ab5fa 49716 libwsutil2_1.8.2-1_i386.deb
 0c71adb29c76cc030e94b0461ece550f2f6082ef 49108 libwsutil-dev_1.8.2-1_i386.deb
 4418de003c1c440b5d479398bc0c3a9664034e7a 905700 libwireshark-dev_1.8.2-1_i386.deb
 9b1d722dd375b54382eeaaaef2110beaed7a1f5c 196954 libwiretap2_1.8.2-1_i386.deb
 39058c4493b7cf8bbdd24d6b1925212b0c053d1e 69760 libwiretap-dev_1.8.2-1_i386.deb
Checksums-Sha256: 
 031c355998ff0f0f789f35ad96e335044ed725464c35099903174f9d420ac75a 2288 wireshark_1.8.2-1.dsc
 3f0e688d889345033e0a7e4f36aea78248e5c7b32d0dfc19eac044188aac11cc 24121798 wireshark_1.8.2.orig.tar.bz2
 0277170fcb3d4e4a95de0479c9e9c5d32f88f77f8f656eb1b29ae17ceaaa6cbd 59702 wireshark_1.8.2-1.debian.tar.gz
 88888bacae7cc940364d0666813c106cba4baf599b2a872c8a1259fdcfb452c1 3883092 wireshark-doc_1.8.2-1_all.deb
 43ae708437ea0123f6b8c7cd708a9bf168a75a2ac60270550c1a0087d1523122 1221878 libwireshark-data_1.8.2-1_all.deb
 7ef02aa9fa417bbd50652d932ff865069e2bc54ecf7e607b9843a6301fea69a1 226848 wireshark-common_1.8.2-1_i386.deb
 add14c71f58e8b962ceedb6319d2350be71a3d3e6465af264c4346bd411e0512 950268 wireshark_1.8.2-1_i386.deb
 69f4c00140237e6b2c5d0a75c50a2a634d33e5e6dc2e2a2b8d7edb015660ed04 179328 tshark_1.8.2-1_i386.deb
 dc1ead7893e4f62f0810979710df42893fe7dd93176a1cdd969adac16ad1c58c 177286 wireshark-dev_1.8.2-1_i386.deb
 35f185c9206f4a480f59085519c6aebe2295363cc831704189f4469a4bab565f 25970680 wireshark-dbg_1.8.2-1_i386.deb
 62ca143e44f62736f344737707edcbac2a53f91030f87b7b5d939120eb1ef794 11206524 libwireshark2_1.8.2-1_i386.deb
 c0a6fc5bdb852bcd0ede2a8d23d83939f4b1c824a42399eb7cf2e94802e0b8e5 49716 libwsutil2_1.8.2-1_i386.deb
 cf7466868010fbd4db73e55ff6bc07730a92895d5d9222b2b0b50bba8e51c76f 49108 libwsutil-dev_1.8.2-1_i386.deb
 095a594a604068bc21f4da32e55550df3da7fa17df05587576b7c684b1323ecb 905700 libwireshark-dev_1.8.2-1_i386.deb
 3db5e903f117e4c033b91442d0ec9271bca79ffdfffbace4dd2e70ab6f271549 196954 libwiretap2_1.8.2-1_i386.deb
 edfab12f4f711c8476186ad0f4c8367097bc707febf85f59f292d75ad413c433 69760 libwiretap-dev_1.8.2-1_i386.deb
Files: 
 10d51f156b53a40a1b8754139507ce31 2288 net optional wireshark_1.8.2-1.dsc
 5e3ea7eed50dace479e12f49d24506f4 24121798 net optional wireshark_1.8.2.orig.tar.bz2
 5c351d6b791dc107462191c3b62814db 59702 net optional wireshark_1.8.2-1.debian.tar.gz
 046c42ca9945ee04cf3df99cb84bfce9 3883092 doc extra wireshark-doc_1.8.2-1_all.deb
 90d4cc5883169ca634a797d087010796 1221878 libs optional libwireshark-data_1.8.2-1_all.deb
 755325054d4df1b0ce006154bb2dbc44 226848 net optional wireshark-common_1.8.2-1_i386.deb
 5ffcf6f3ccd2a2e7bd649c37be741517 950268 net optional wireshark_1.8.2-1_i386.deb
 03ed5b618c51ed35360b42efd888e450 179328 net optional tshark_1.8.2-1_i386.deb
 06fa6bd9a1b0303b75da18e25a1add64 177286 devel optional wireshark-dev_1.8.2-1_i386.deb
 157204f4643389636ceff9410af2b3f3 25970680 debug extra wireshark-dbg_1.8.2-1_i386.deb
 8310f26593ab4fdb07d463449cbf9b23 11206524 libs optional libwireshark2_1.8.2-1_i386.deb
 4a8c76df377b983659761b57b40e7c31 49716 libs optional libwsutil2_1.8.2-1_i386.deb
 dce21393ebda942902c444b5814928dc 49108 libdevel optional libwsutil-dev_1.8.2-1_i386.deb
 fe24f84a78185cf0c8a4c1ea62eefee9 905700 libdevel optional libwireshark-dev_1.8.2-1_i386.deb
 bdd8e15969ff1a3240571c27d54d86f5 196954 libs optional libwiretap2_1.8.2-1_i386.deb
 8b616d43229fd3634e980b4063ba0ddf 69760 libdevel optional libwiretap-dev_1.8.2-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFQMPvbmSuMdaVnTsERApbVAKCCZH1qX+j/0QItfRX+ix6SbSsXEwCcCYm6
0oQHnGvm8lZKU7ZaaNgNT2A=
=jCOf
-----END PGP SIGNATURE-----




Reply sent to Balint Reczey <balint@balintreczey.hu>:
You have taken responsibility. (Sun, 30 Dec 2012 18:51:06 GMT) Full text and rfc822 format available.

Notification sent to Bjørn Mork <bjorn@mork.no>:
Bug acknowledged by developer. (Sun, 30 Dec 2012 18:51:06 GMT) Full text and rfc822 format available.

Message #57 received at 680056-close@bugs.debian.org (full text, mbox):

From: Balint Reczey <balint@balintreczey.hu>
To: 680056-close@bugs.debian.org
Subject: Bug#680056: fixed in wireshark 1.2.11-6+squeeze8
Date: Sun, 30 Dec 2012 18:47:06 +0000
Source: wireshark
Source-Version: 1.2.11-6+squeeze8

We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 680056@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Balint Reczey <balint@balintreczey.hu> (supplier of updated wireshark package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 20 Oct 2012 20:46:34 +0200
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg
Architecture: source amd64
Version: 1.2.11-6+squeeze8
Distribution: stable-security
Urgency: high
Maintainer: Balint Reczey <balint@balintreczey.hu>
Changed-By: Balint Reczey <balint@balintreczey.hu>
Description: 
 tshark     - network traffic analyzer - console version
 wireshark  - network traffic analyzer - GTK+ version
 wireshark-common - network traffic analyzer - common files
 wireshark-dbg - network traffic analyzer - debug symbols
 wireshark-dev - network traffic analyzer - development tools
Closes: 680056
Changes: 
 wireshark (1.2.11-6+squeeze8) stable-security; urgency=high
 .
   * security fixes from Wireshark 1.6.9 and 1.6.10:
     - The PPP dissector could crash (CVE-2012-4048) (Closes: #680056)
     - The RTPS2 dissector could overflow a buffer. Reported by
       Laurent Butti. (CVE-2012-4296)
   * drop obsolete patches:
     - debian-changes-1.2.11-6+squeeze3
     - 03_preferences.dpatch
Checksums-Sha1: 
 e6c43821022d3d36f6a326f2b17fbd5067df8d37 1747 wireshark_1.2.11-6+squeeze8.dsc
 933eda1dade7c64aa7320d04f2fa940b9679b662 94770 wireshark_1.2.11-6+squeeze8.debian.tar.gz
 5014eba4e78dfeb9f2aa63fae1936f6a5294b58a 13778974 wireshark-common_1.2.11-6+squeeze8_amd64.deb
 eb682b19bcbed3f91d8cc5accfcf545ac87b63e1 797192 wireshark_1.2.11-6+squeeze8_amd64.deb
 59dc203c5315dfb3a9d01f3d12ea47b383ef13e1 133418 tshark_1.2.11-6+squeeze8_amd64.deb
 a89569be776a9b7232cfa1a1744803474083917b 795510 wireshark-dev_1.2.11-6+squeeze8_amd64.deb
 4d517e90bcf5c6863dac2db5c0c9595ac59a2f8b 15786554 wireshark-dbg_1.2.11-6+squeeze8_amd64.deb
Checksums-Sha256: 
 6be9a87d640a7a00f579a7fa4fd798b01ff300d2aa44e60e21253231e448f12c 1747 wireshark_1.2.11-6+squeeze8.dsc
 11028e101f8d8558931b0cbdb64db95ccc4c70333ac68b98785ea68225ef225b 94770 wireshark_1.2.11-6+squeeze8.debian.tar.gz
 028a44664bd0a48e94d23c5498e425480ab8c5165c1bf3428ca3fa735d8ec3f5 13778974 wireshark-common_1.2.11-6+squeeze8_amd64.deb
 cbb19c24410e9874e60f7a19fc1733d22250a846377b6217abb17b1388d949cb 797192 wireshark_1.2.11-6+squeeze8_amd64.deb
 f472b3656dcb3000683a7cfb252bbe511687faaa04442006f9e8c8dfebcadd80 133418 tshark_1.2.11-6+squeeze8_amd64.deb
 614d8e310fb9030163a184403f8eb350f8f65989c7c858a437bbe678111f8d4b 795510 wireshark-dev_1.2.11-6+squeeze8_amd64.deb
 fa9f6d0a12dadec7ef3cfb8a21c796eda52b71ada15c275b5b22278c441e834d 15786554 wireshark-dbg_1.2.11-6+squeeze8_amd64.deb
Files: 
 900e9713288799e72f518aa4f715dd97 1747 net optional wireshark_1.2.11-6+squeeze8.dsc
 9d7421c4ad852da3adc3a601bc7d3c5f 94770 net optional wireshark_1.2.11-6+squeeze8.debian.tar.gz
 ab71d7e10f28790c30b8dd6ed9200fd7 13778974 net optional wireshark-common_1.2.11-6+squeeze8_amd64.deb
 a68eb50950b3b6d8bff4b18bcc5dc03e 797192 net optional wireshark_1.2.11-6+squeeze8_amd64.deb
 f8ee3891c83acf9cac4e2b77c87d0bb3 133418 net optional tshark_1.2.11-6+squeeze8_amd64.deb
 490e270d0c092b2456cfd840c4bc2b2a 795510 devel optional wireshark-dev_1.2.11-6+squeeze8_amd64.deb
 c4c3b7dc2cb4b1fdb8b63a6c32364531 15786554 debug extra wireshark-dbg_1.2.11-6+squeeze8_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlDZiYUACgkQXm3vHE4uyloQEwCgokktUZqTTGqtqRCc08JqYROm
xu8An2uBMKW1Z7DO/EgZEBZ1fRb1dtQf
=gB4f
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Feb 2013 07:28:38 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 01:00:29 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.