Bug 13524

Summary: wireshark new release 1.10.8 fixes security issue
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: makowski.mageia, sysadmin-bugs, tmb
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/602884/
Whiteboard: advisory MGA4-32-OK MGA4-64-OK
Source RPM: wireshark-1.10.7-1.mga4.src.rpm CVE:
Status comment:

Description David Walser 2014-06-13 16:24:38 CEST 
Upstream has released new versions on June 12:
http://www.wireshark.org/news/20140612.html

Updated packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The frame metadissector could crash (CVE-2014-4020).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4020
https://www.wireshark.org/security/wnpa-sec-2014-07.html
http://www.wireshark.org/docs/relnotes/wireshark-1.10.8.html
http://www.wireshark.org/news/20140612.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.10.8-1.mga4
libwireshark3-1.10.8-1.mga4
libwiretap3-1.10.8-1.mga4
libwsutil3-1.10.8-1.mga4
libwireshark-devel-1.10.8-1.mga4
wireshark-tools-1.10.8-1.mga4
tshark-1.10.8-1.mga4
rawshark-1.10.8-1.mga4
dumpcap-1.10.8-1.mga4

from wireshark-1.10.8-1.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2014-06-17 16:31:17 CEST 
I tested the pcap files on the two referenced upstream bugs.  I could reproduce the assertion error in the first one, though it didn't cause a crash.  I couldn't reproduce the error in the second one.  With the update, the assertion error in the first one is gone, and both pcaps load fine.  A packet capture also works fine.  Tested on i586 in a VMWare VM.
Comment 2 David Walser 2014-06-17 17:57:53 CEST 
Claire gave me the OK to add the whiteboard marker.  Adding now.

Whiteboard: (none) => MGA4-32-OK

Comment 3 Philippe Makowski 2014-06-17 20:10:47 CEST 
same tests under x86_64 ok

CC: (none) => makowski.mageia
Whiteboard: MGA4-32-OK => MGA4-32-OK MGA4-64-OK

Comment 4 claire robinson 2014-06-18 15:29:23 CEST 
Thanks both. Validating. Advisory uploaded.

Could sysadmin please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA4-32-OK MGA4-64-OK => advisory MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs

Comment 5 Thomas Backlund 2014-06-18 20:06:57 CEST 
Update pushed:
http://advisories.mageia.org/MGASA-2014-0264.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

David Walser 2014-06-19 17:52:40 CEST

URL: (none) => http://lwn.net/Vulnerabilities/602884/