Bug 16967

Summary: wireshark new release 1.12.8 fixes security issue
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/661059/
Whiteboard: has_procedure advisory MGA5-32-OK mga5-64-ok
Source RPM: wireshark-1.12.7-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-10-14 21:23:20 CEST 
Upstream has released version 1.12.8 today (October 14):
https://www.wireshark.org/news/20151014.html

Updated package uploaded for Mageia 5.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

In Wireshark before 1.12.8, the pcapng file parser could crash while copying
an interface filter. It may be possible to make Wireshark crash by injecting a
malformed packet onto the wire or by convincing someone to read a malformed
packet trace file (CVE-2015-7830).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7830
https://www.wireshark.org/security/wnpa-sec-2015-30.html
https://www.wireshark.org/docs/relnotes/wireshark-1.12.8.html
https://www.wireshark.org/news/20151014.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.12.8-1.mga5
wireshark-common-1.12.8-1.mga5
wireshark-gtk-1.12.8-1.mga5
libwireshark5-1.12.8-1.mga5
libwiretap4-1.12.8-1.mga5
libwsutil4-1.12.8-1.mga5
libfiletap0-1.12.8-1.mga5
libwireshark-devel-1.12.8-1.mga5
wireshark-tools-1.12.8-1.mga5
tshark-1.12.8-1.mga5
rawshark-1.12.8-1.mga5
dumpcap-1.12.8-1.mga5

from wireshark-1.12.8-1.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-10-14 21:26:11 CEST 
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Also, for the PoC here:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11455

tshark -r id:000001,sig:11,src:000000,op:flip1,pos:160

gives:
  1 0.000000000              ->              UNKNOWN 73 WTAP_ENCAP = 0
  2 0.104258420              ->              UNKNOWN 246 WTAP_ENCAP = 0
Segmentation fault

Whiteboard: (none) => has_procedure

Comment 2 David Walser 2015-10-14 22:43:31 CEST 
No more segfault with the PoC after the update, and capture and analysis with Wireshark works fine.  Mageia 5 i586.

Whiteboard: has_procedure => has_procedure MGA5-32-OK

Comment 3 claire robinson 2015-10-15 16:26:12 CEST 
Testing complete mga5 64

Before
------
$ tshark -r id_000001,sig_11,src_000000,op_flip1,pos_160.bin
  1 0.000000000              ->              UNKNOWN 73 WTAP_ENCAP = 0
  2 0.104258420              ->              UNKNOWN 246 WTAP_ENCAP = 0
Segmentation fault

After
-----
$ tshark -r id_000001,sig_11,src_000000,op_flip1,pos_160.bin
  1 0.000000000              ->              UNKNOWN 73 WTAP_ENCAP = 0
  2 0.104258420              ->              UNKNOWN 246 WTAP_ENCAP = 0


Validating. Advisory to upload.

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK mga5-64-ok
CC: (none) => sysadmin-bugs

Comment 4 claire robinson 2015-10-15 17:18:27 CEST 
Advisory uploaded.

Whiteboard: has_procedure MGA5-32-OK mga5-64-ok => has_procedure advisory MGA5-32-OK mga5-64-ok

Comment 5 Mageia Robot 2015-10-15 21:52:04 CEST 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0403.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-10-16 18:53:20 CEST

URL: (none) => http://lwn.net/Vulnerabilities/661059/