Bug 16141

Summary: wireshark new release 1.12.6 fixes security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/649225/
Whiteboard: has_procedure MGA5-32-OK advisory
Source RPM: wireshark-1.12.5-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-06-18 14:10:50 CEST 
Upstream has released version 1.12.6 on June 17:
https://www.wireshark.org/news/20150617.html

Right now that URL is showing a fail whale/shark (haha) and the 1.10.15 tarball (for the Mageia 4 update) is not available.  I'm not sure if 1.10 is EOL already.

The 1.12.6 update is checked into Cauldron SVN.  It will need to be checked into Mageia 5 SVN once it is branched.

Reproducible: 

Steps to Reproduce:
David Walser 2015-06-18 14:10:58 CEST

Whiteboard: (none) => MGA5TOO, MGA4TOO

Comment 1 David Walser 2015-06-19 14:21:32 CEST 
Only Mageia 5 (Wireshark 1.12.x) is affected, so there's no 1.10 update.

Whiteboard: MGA5TOO, MGA4TOO => MGA5TOO

Comment 2 David Walser 2015-06-20 16:38:54 CEST 
Updated packages uploaded for Mageia 5 and Cauldron.

Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

WCCP dissector crash (wnpa-sec-2015-19).

GSM DTAP dissector crash (wnpa-sec-2015-20).

References:
https://www.wireshark.org/security/wnpa-sec-2015-19.html
https://www.wireshark.org/security/wnpa-sec-2015-20.html
https://www.wireshark.org/docs/relnotes/wireshark-1.12.6.html
https://www.wireshark.org/news/20150617.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.12.6-1.mga5
libwireshark5-1.12.6-1.mga5
libwiretap4-1.12.6-1.mga5
libwsutil4-1.12.6-1.mga5
libfiletap0-1.12.6-1.mga5
libwireshark-devel-1.12.6-1.mga5
wireshark-tools-1.12.6-1.mga5
tshark-1.12.6-1.mga5
rawshark-1.12.6-1.mga5
dumpcap-1.12.6-1.mga5

from wireshark-1.12.6-1.mga5.src.rpm

Version: Cauldron => 5
Assignee: bugsquad => qa-bugs
Whiteboard: MGA5TOO => has_procedure

Comment 3 David Walser 2015-06-24 19:19:26 CEST 
Debian has issued an advisory for this on June 23:
https://www.debian.org/security/2015/dsa-3294

There are now CVEs.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

WCCP dissector crash (CVE-2015-4651).

GSM DTAP dissector crash (CVE-2015-4652).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4652
https://www.wireshark.org/security/wnpa-sec-2015-19.html
https://www.wireshark.org/security/wnpa-sec-2015-20.html
https://www.wireshark.org/docs/relnotes/wireshark-1.12.6.html
https://www.wireshark.org/news/20150617.html

URL: (none) => http://lwn.net/Vulnerabilities/649225/

Comment 4 David Walser 2015-07-04 18:40:00 CEST 
I ran tshark -nVxr on the two pcap files attached to the upstream bugs and that ran with no problems.  I also capture packets using dumpcap and decoded them using tshark.  Mageia 5 i586.

Whiteboard: has_procedure => has_procedure MGA5-32-OK

Comment 5 Dave Hodgins 2015-07-04 19:14:57 CEST 
Advisory committed to svn.

Someone from the sysadmin team please push 16141.adv to updates.

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 6 Mageia Robot 2015-07-05 19:23:38 CEST 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0264.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED