Bug 10145

Summary: wireshark new releases 1.6.15 and 1.8.7 fix security issues
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: oe, sysadmin-bugs
Version: 3
Keywords: validated_update
Target Milestone: ---
Hardware: i586
OS: Linux
URL: http://lwn.net/Vulnerabilities/552736/
Whiteboard: MGA2TOO has_procedure mga2-32-ok mga2-64-ok mga3-32-ok mga3-64-ok
Source RPM: wireshark-1.6.14-1.mga2.src.rpm
CVE:
Status comment:

Description David Walser 2013-05-18 13:19:13 CEST
Wireshark has issued new releases on May 17:
http://www.wireshark.org/news/20130517.html

Comment 1 David Walser 2013-05-18 13:19:43 CEST
The new versions are in SVN.

Whiteboard: (none) => MGA3TOO, MGA2TOO

Comment 2 Oden Eriksson 2013-05-20 09:47:35 CEST
Can't reproduce this with wireshark-1.6.14-1.mga2:

http://www.wireshark.org/security/wnpa-sec-2013-25.html

CC: (none) => oe

Comment 3 David Walser 2013-05-21 01:26:42 CEST
CVEs have now been assigned for the issues fixed herein:
http://openwall.com/lists/oss-security/2013/05/20/7

Comment 4 David Walser 2013-05-24 19:29:46 CEST
Updated packages uploaded for Mageia 2, Mageia 3, and Cauldron.

Advisory (Mageia 3):
========================

Updated wireshark packages fix security vulnerabilities:

The RELOAD dissector could go into an infinite loop (CVE-2013-2486,
CVE-2013-2487).

The GTPv2 dissector could crash (CVE-2013-3555).

The ASN.1 BER dissector could crash (CVE-2013-3557).

The PPP CCP dissector could crash (CVE-2013-3558).

The DCP ETSI dissector could crash (CVE-2013-3559).

The MPEG DSM-CC dissector could crash (CVE-2013-3560).

The Websocket dissector could crash. The MySQL dissector could go into an
infinite loop. The ETCH dissector could go into a large loop (CVE-2013-3561,
CVE-2013-3562).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3560
http://www.wireshark.org/security/wnpa-sec-2013-23.html
http://www.wireshark.org/security/wnpa-sec-2013-24.html
http://www.wireshark.org/security/wnpa-sec-2013-25.html
http://www.wireshark.org/security/wnpa-sec-2013-26.html
http://www.wireshark.org/security/wnpa-sec-2013-27.html
http://www.wireshark.org/security/wnpa-sec-2013-28.html
http://www.wireshark.org/security/wnpa-sec-2013-29.html
http://www.wireshark.org/security/wnpa-sec-2013-30.html
http://www.wireshark.org/security/wnpa-sec-2013-31.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.7.html
http://www.wireshark.org/news/20130517.html
http://openwall.com/lists/oss-security/2013/05/20/7
========================

Updated packages in core/updates_testing:
========================
wireshark-1.8.7-1.mga3
libwireshark2-1.8.7-1.mga3
libwireshark-devel-1.8.7-1.mga3
wireshark-tools-1.8.7-1.mga3
tshark-1.8.7-1.mga3
rawshark-1.8.7-1.mga3
dumpcap-1.8.7-1.mga3

from wireshark-1.8.7-1.mga3.src.rpm

Advisory (Mageia 2):
========================

Updated wireshark packages fix a security vulnerability:

The ASN.1 BER dissector could crash (CVE-2013-3557).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3557
http://www.wireshark.org/security/wnpa-sec-2013-25.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html
http://www.wireshark.org/news/20130517.html
http://openwall.com/lists/oss-security/2013/05/20/7
========================

Updated packages in core/updates_testing:
========================
wireshark-1.6.15-1.mga2
libwireshark1-1.6.15-1.mga2
libwireshark-devel-1.6.15-1.mga2
wireshark-tools-1.6.15-1.mga2
tshark-1.6.15-1.mga2
rawshark-1.6.15-1.mga2
dumpcap-1.6.15-1.mga2

from wireshark-1.6.15-1.mga2.src.rpm

Version: Cauldron => 3
Assignee: bugsquad => qa-bugs
Whiteboard: MGA3TOO, MGA2TOO => MGA2TOO

Comment 6 claire robinson 2013-05-28 16:53:55 CEST
For Mga2 the only PoC is attached to
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8599

Comment 7 claire robinson 2013-05-28 17:11:40 CEST
Testing complete mga2 32

The pcap file doesn't cause any obvious issues in our wireshark. Created a wireshark capture as root and saved it, then opened it again.

Whiteboard: MGA2TOO => MGA2TOO has_procedure mga2-32-ok

Comment 8 claire robinson 2013-05-28 17:23:00 CEST
Testing complete mga2 64

Whiteboard: MGA2TOO has_procedure mga2-32-ok => MGA2TOO has_procedure mga2-32-ok mga2-64-ok

Comment 9 claire robinson 2013-05-28 18:05:52 CEST
Testing mga3 64 using a variety of the PoCs

Some crash, some cause max CPU usage. After the update, all open normally.

When opened as root to make a capture there is a Lua error.

Lua: Error during loading:
 [string "/usr/share/wireshark/init.lua"]:45: Wireshark is running as root, this is dangerous. The lua function dofile has been disabled, because it is potentially harmful when running as root

It does open and does capture OK though afterwards, with the standard wireshark run-as-root warning message after that.

Whiteboard: MGA2TOO has_procedure mga2-32-ok mga2-64-ok => MGA2TOO feedback has_procedure mga2-32-ok mga2-64-ok

Comment 10 claire robinson 2013-05-28 18:27:17 CEST
This is the same on i586, and it seems wireshark now needs users to be added to the 'wireshark' group instead of being run as root.

When the wireshark group is added to the user and then logged out/in again wireshark operates normally and captures can be made by regular users.

So, testing complete mga3 32 & 64

Validating

Advisory and SRPMs for mga2 and 3 in comment 4

Could sysadmin please push from 2 & 3 core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: MGA2TOO feedback has_procedure mga2-32-ok mga2-64-ok => MGA2TOO has_procedure mga2-32-ok mga2-64-ok mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs
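
The check described in comments 7 to 9 (open each PoC capture before and after the update and watch for a crash or sustained CPU use) can be scripted as a regression test. This is an added example, not part of the bug report; it assumes coreutils `timeout` and the `tshark -r` reader, and the function names and the READER hook are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): regression check for dissector
# crashes and hangs. Requires coreutils `timeout`; the default reader is
# `tshark -r`, from the tshark package listed in the advisory.

# classify_capture FILE [SECONDS [READER...]]
# Prints one of: ok | hang | crash:<signal> | error:<status>
# READER is a command prefix to which FILE is appended (hypothetical hook so
# the logic can be exercised without tshark installed).
classify_capture() {
    cc_file=$1
    cc_limit=${2:-30}
    if [ "$#" -gt 2 ]; then shift 2; else set -- tshark -r; fi
    cc_rc=0
    timeout "$cc_limit" "$@" "$cc_file" >/dev/null 2>&1 || cc_rc=$?
    if [ "$cc_rc" -eq 0 ]; then
        echo ok
    elif [ "$cc_rc" -eq 124 ]; then
        echo hang                      # still running at the time limit
    elif [ "$cc_rc" -gt 128 ]; then
        echo "crash:$((cc_rc - 128))"  # terminated by a signal, e.g. 11 = SIGSEGV
    else
        echo "error:$cc_rc"            # reader refused the file or failed to start
    fi
}

# check_captures DIR [SECONDS [READER...]]
# Classifies every regular file in DIR; returns 1 if any hang or crash is seen.
check_captures() {
    kc_dir=$1
    kc_limit=${2:-30}
    if [ "$#" -gt 2 ]; then shift 2; else set -- tshark -r; fi
    kc_bad=0
    for kc_f in "$kc_dir"/*; do
        [ -f "$kc_f" ] || continue
        kc_v=$(classify_capture "$kc_f" "$kc_limit" "$@")
        printf '%s\t%s\n' "$kc_v" "$kc_f"
        case $kc_v in hang|crash:*) kc_bad=1 ;; esac
    done
    return "$kc_bad"
}
```

Running `check_captures` on the same directory of captures before and after installing the packages from core/updates_testing gives a per-file verdict that can be diffed.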

Comment 11 David Walser 2013-06-04 00:09:27 CEST
Debian has issued an advisory for this on June 2:
http://www.debian.org/security/2013/dsa-2700

URL: (none) => http://lwn.net/Vulnerabilities/552736/

Comment 12 Nicolas Vigier 2013-06-06 21:42:33 CEST
Packages have been pushed to updates.

Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED

Nicolas Vigier 2014-05-08 18:06:57 CEST

CC: boklm => (none)