Bug 14983

Summary: wireshark new release 1.10.12 fixes security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: rverschelde, sysadmin-bugs, wilcal.int
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/629244/
Whiteboard: has_procedure advisory MGA4-32-OK MGA4-64-OK
Source RPM: wireshark-1.10.11-1.mga4.src.rpm CVE:
Status comment:

Description David Walser 2015-01-08 01:42:10 CET 
Upstream has released new versions today (January 7):
https://www.wireshark.org/news/20150107.html

Freeze push requested for Cauldron for 1.12.3.

Updated package uploaded for Mageia 4.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The DEC DNA Routing Protocol dissector could crash (CVE-2015-0562).

The SMTP dissector could crash (CVE-2015-0563).

Wireshark could crash while decypting TLS/SSL sessions (CVE-2015-0564).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0564
https://www.wireshark.org/security/wnpa-sec-2015-03.html
https://www.wireshark.org/security/wnpa-sec-2015-04.html
https://www.wireshark.org/security/wnpa-sec-2015-05.html
https://www.wireshark.org/docs/relnotes/wireshark-1.10.12.html
https://www.wireshark.org/news/20150107.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.10.12-1.mga4
libwireshark3-1.10.12-1.mga4
libwiretap3-1.10.12-1.mga4
libwsutil3-1.10.12-1.mga4
libwireshark-devel-1.10.12-1.mga4
wireshark-tools-1.10.12-1.mga4
tshark-1.10.12-1.mga4
rawshark-1.10.12-1.mga4
dumpcap-1.10.12-1.mga4

from wireshark-1.10.12-1.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-01-08 01:42:26 CET 
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Whiteboard: (none) => has_procedure

Comment 2 David Walser 2015-01-08 17:34:25 CET 
I was able to open the PoC files from wnpa-sec-2015-03 and wnpa-sec-2015-04 and scroll though them in wireshark just fine, and run a capture.  OK for Mageia 4 i586.

Whiteboard: has_procedure => has_procedure MGA4-32-OK

Comment 3 William Kenney 2015-01-08 19:51:45 CET 
In Whiteboard: MGA4-64-OK

In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
wireshark lib64wireshark3

default install of wireshark & lib64wireshark3

[root@localhost wilcal]# urpmi wireshark
Package wireshark-1.10.11-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark3
Package lib64wireshark3-1.10.11-1.mga4.x86_64 is already installed

Running wireshark as root I can capture and save to a
file all the traffic on enp0s3. And then open that previously
created file and review the data.

install wireshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-1.10.12-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark3
Package lib64wireshark3-1.10.12-1.mga4.x86_64 is already installed

Running wireshark as root I can capture and save to a
different file all the traffic on enp0s3. And then read any
previously captured data.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
VirtualBox 4.3.6-1.mga4.x86_64.rpm

CC: (none) => wilcal.int

Comment 4 William Kenney 2015-01-08 19:53:11 CET 
This update works fine.
Testing complete for mga4 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push this to updates.
Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs

Comment 5 claire robinson 2015-01-09 16:45:13 CET 
Advisory uploaded.

First 2015 CVE's.

Whiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure advisory MGA4-32-OK MGA4-64-OK

Comment 6 Rémi Verschelde 2015-01-09 16:49:27 CET 
The first for us, but they're already at 500+?! That will be a busy year :-)

CC: (none) => remi

Comment 7 David Walser 2015-01-09 17:08:57 CET 
(In reply to Rémi Verschelde from comment #6)
> The first for us, but they're already at 500+?! That will be a busy year :-)

No, that's not how it works.  They're allocated in blocks and different organizations assign ones from different blocks.  MITRE started theirs at 0500, someone else owns 0001+.
Comment 8 Mageia Robot 2015-01-09 17:44:50 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0019.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-01-12 19:25:57 CET

URL: (none) => http://lwn.net/Vulnerabilities/629244/

Comment 9 David Walser 2015-01-23 16:42:53 CET 
This also fixed CVE-2015-0559, CVE-2015-0560, and CVE-2015-0561 that were fixed in 1.12.3.  Upstream failed to list them in the 1.10.12 release notes.

https://www.wireshark.org/security/wnpa-sec-2015-01.html
https://www.wireshark.org/security/wnpa-sec-2015-02.html

LWN reference:
http://lwn.net/Vulnerabilities/630471/