Bug 18260

Summary: wireshark new release 2.0.3 fixes security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs, wilcal.int
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/685293/
Whiteboard: has_procedure advisory MGA5-32-OK MGA5-64-OK
Source RPM: wireshark-2.0.2-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2016-04-25 15:47:08 CEST 
Upstream has released new versions on April 22:
https://www.wireshark.org/news/20160422.html

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The wireshark package has been updated to version 2.0.3, which fixes several
security issues where a malformed packet trace could cause it to crash or go
into an infinite loop, and fixes several other bugs as well.  See the release
notes for details.

References:
https://www.wireshark.org/security/wnpa-sec-2016-19.html
https://www.wireshark.org/security/wnpa-sec-2016-20.html
https://www.wireshark.org/security/wnpa-sec-2016-21.html
https://www.wireshark.org/security/wnpa-sec-2016-22.html
https://www.wireshark.org/security/wnpa-sec-2016-23.html
https://www.wireshark.org/security/wnpa-sec-2016-24.html
https://www.wireshark.org/security/wnpa-sec-2016-25.html
https://www.wireshark.org/security/wnpa-sec-2016-26.html
https://www.wireshark.org/security/wnpa-sec-2016-27.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.3.html
https://www.wireshark.org/news/20160422.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.0.3-1.mga5
libwireshark6-2.0.3-1.mga5
libwiretap5-2.0.3-1.mga5
libwsutil6-2.0.3-1.mga5
libwireshark-devel-2.0.3-1.mga5
wireshark-tools-2.0.3-1.mga5
tshark-2.0.3-1.mga5
rawshark-2.0.3-1.mga5
dumpcap-2.0.3-1.mga5

from wireshark-2.0.3-1.mga5.src.rpm
Comment 1 David Walser 2016-04-25 15:47:29 CEST 
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Whiteboard: (none) => has_procedure

Comment 2 William Kenney 2016-04-26 01:26:06 CEST 
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
wireshark libwireshark6 libwiretap5 libwsutil6 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of wireshark libwireshark6 libwiretap5 libwsutil6 
wireshark-tools tshark:

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.2-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark6
Package libwireshark6-2.0.2-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.2-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.2-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.2-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.2-1.mga5.i586 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) traffic on enp0s3. Close wireshark.
Captured with ipv4 filter.
Reopen est01.pcapng with wireshark and review the data.
wireshark tools like tshark work:
[wilcal@localhost Documents]$ tshark >> test02.txt
Capturing on 'enp0s3'
1758 ^Z
[2]+  Stopped                 tshark >> test02.txt

install wireshark libwireshark6 libwiretap5 libwsutil6
wireshark-tools & tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.3-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark6
Package libwireshark6-2.0.3-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.3-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.3-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.3-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.3-1.mga5.i586 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) traffic on enp0s3. Close wireshark.
Captured with ipv4 filter.
Reopen est01.pcapng with wireshark and review the data.
wireshark tools like tshark work:
[wilcal@localhost Documents]$ tshark >> test03.txt
Capturing on 'enp0s3'
1758 ^Z
[2]+  Stopped                 tshark >> test03.txt

CC: (none) => wilcal.int
Whiteboard: has_procedure => has_procedure MGA5-32-OK

Comment 3 William Kenney 2016-04-26 01:46:45 CEST 
In VirtualBox, M5, KDE, 64-bit

Package(s) under test:
wireshark libwireshark6 libwiretap5 libwsutil6 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of wireshark libwireshark6 libwiretap5 libwsutil6 
wireshark-tools tshark:

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.2-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi libwireshark6
Package libwireshark6-2.0.2-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.2-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.2-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.2-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.2-1.mga5.x86_64 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) traffic on enp0s3. Close wireshark.
Captured with ipv4 filter.
Reopen est01.pcapng with wireshark and review the data.
wireshark tools like tshark work:
[wilcal@localhost Documents]$ tshark >> test01.txt
Capturing on 'enp0s3'
4298 ^Z
[2]+  Stopped                 tshark >> test01.txt

install wireshark libwireshark6 libwiretap5 libwsutil6
wireshark-tools & tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.3-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi libwireshark6
Package libwireshark6-2.0.3-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.3-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.3-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.3-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.3-1.mga5.x86_64 is already installed

Running wireshark I can capture and save to a file
(test02.pcapng) traffic on enp0s3. Close wireshark.
Captured with ipv4 filter.
Reopen est01.pcapng with wireshark and review the data.
wireshark tools like tshark work:
[wilcal@localhost Documents]$ tshark >> test02.txt
Capturing on 'enp0s3'
17242 ^Z
[2]+  Stopped                 tshark >> test02.txt
William Kenney 2016-04-26 01:47:00 CEST

Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK MGA5-64-OK

Comment 4 William Kenney 2016-04-26 01:47:33 CEST 
This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 David Walser 2016-04-26 04:00:42 CEST 
CVEs:
http://openwall.com/lists/oss-security/2016/04/25/2

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The NCP dissector could crash (CVE-2016-4076).

TShark could crash due to a packet reassembly bug (CVE-2016-4077).

The IEEE 802.11 dissector could crash (CVE-2016-4078).

The PKTC dissector could crash (CVE-2016-4079).

The PKTC dissector could crash (CVE-2016-4080).

The IAX2 dissector could go into an infinite loop (CVE-2016-4081).

Wireshark and TShark could exhaust the stack (CVE-2016-4006).

The GSM CBCH dissector could crash (CVE-2016-4082).

MS-WSP dissector crash (CVE-2016-4083, CVE-2016-4084).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4084
https://www.wireshark.org/security/wnpa-sec-2016-19.html
https://www.wireshark.org/security/wnpa-sec-2016-20.html
https://www.wireshark.org/security/wnpa-sec-2016-21.html
https://www.wireshark.org/security/wnpa-sec-2016-22.html
https://www.wireshark.org/security/wnpa-sec-2016-23.html
https://www.wireshark.org/security/wnpa-sec-2016-24.html
https://www.wireshark.org/security/wnpa-sec-2016-25.html
https://www.wireshark.org/security/wnpa-sec-2016-26.html
https://www.wireshark.org/security/wnpa-sec-2016-27.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.3.html
https://www.wireshark.org/news/20160422.html
Comment 6 claire robinson 2016-04-26 17:10:40 CEST 
Advisory from comment 5 uploaded.

Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure advisory MGA5-32-OK MGA5-64-OK

Comment 7 Mageia Robot 2016-04-26 20:03:25 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0153.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2016-04-27 18:11:08 CEST

URL: (none) => http://lwn.net/Vulnerabilities/685293/