Bug 19073

Summary: wireshark new release 2.0.5 fixes security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, wilcal.int
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/696077/
Whiteboard: MGA5-32-OK MGA5-64-OK advisory
Source RPM: wireshark-2.0.4-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2016-07-28 16:52:13 CEST 
Upstream has released new versions on July 27:
https://www.wireshark.org/news/20160727.html

CVE request:
http://openwall.com/lists/oss-security/2016/07/28/3

Updates checked into Mageia 5 and Cauldron SVN; freeze push requested.

Preliminary advisory for the pending update below.

Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The wireshark package has been updated to version 2.0.5, which fixes several
security issues where a malformed packet trace could cause it to crash or go
into an infinite loop, and fixes several other bugs as well.  See the release
notes for details.

References:
https://www.wireshark.org/security/wnpa-sec-2016-39.html
https://www.wireshark.org/security/wnpa-sec-2016-41.html
https://www.wireshark.org/security/wnpa-sec-2016-42.html
https://www.wireshark.org/security/wnpa-sec-2016-44.html
https://www.wireshark.org/security/wnpa-sec-2016-45.html
https://www.wireshark.org/security/wnpa-sec-2016-46.html
https://www.wireshark.org/security/wnpa-sec-2016-47.html
https://www.wireshark.org/security/wnpa-sec-2016-48.html
https://www.wireshark.org/security/wnpa-sec-2016-49.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.5.html
https://www.wireshark.org/news/20160727.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.0.5-1.mga5
libwireshark6-2.0.5-1.mga5
libwiretap5-2.0.5-1.mga5
libwsutil6-2.0.5-1.mga5
libwireshark-devel-2.0.5-1.mga5
wireshark-tools-2.0.5-1.mga5
tshark-2.0.5-1.mga5
rawshark-2.0.5-1.mga5
dumpcap-2.0.5-1.mga5

from wireshark-2.0.5-1.mga5.src.rpm
Comment 1 David Walser 2016-07-30 10:57:54 CEST 
Updated packages uploaded for Mageia 5 and Cauldron.  Package list and preliminary advisory in Comment 0 (will be updated if/when CVEs are assigned).

Assignee: bugsquad => qa-bugs

Comment 2 William Kenney 2016-07-30 19:08:52 CEST 
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
wireshark libwireshark6 libwiretap5 libwsutil6 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of wireshark libwireshark6 libwiretap5 libwsutil6 
wireshark-tools tshark:

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.4-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark6
Package libwireshark6-2.0.4-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.4-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.4-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.4-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.4-1.mga5.i586 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) traffic on enp0s3. Close wireshark.
Reopen ws1.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test01.txt works
Filter:  ip.src == 192.168.1.143	works ( this system )

install wireshark libwireshark6 libwiretap5 libwsutil6
wireshark-tools & tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.5-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark6
Package libwireshark6-2.0.5-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.5-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.5-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.5-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.5-1.mga5.i586 is already installed

Running wireshark I can capture and save to a file
(test02.pcapng) traffic on enp0s3. Close wireshark.
Reopen test01.pcapng & test02.pcapng with wireshark and review the data.
wireshark tools like tshark work:
[wilcal@localhost Documents]$ tshark >> test02.txt
Capturing on 'enp0s3'
14567 ^Z
[1]+  Stopped                 tshark >> test02.txt
Filter:  ip.src == 192.168.1.143	works ( this system )

CC: (none) => wilcal.int

William Kenney 2016-07-30 19:09:20 CEST

Whiteboard: (none) => MGA5-32-OK

Comment 3 William Kenney 2016-07-30 19:41:48 CEST 
In VirtualBox, M5, KDE, 64-bit

Package(s) under test:
wireshark lib64wireshark6 lib64wiretap5 lib64wsutil6 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of wireshark lib64wireshark6 lib64wiretap5 lib64wsutil6 
wireshark-tools tshark:

[root@localhost Documents]# urpmi wireshark
Package wireshark-2.0.4-1.mga5.x86_64 is already installed
[root@localhost Documents]# urpmi lib64wireshark6
Package lib64wireshark6-2.0.4-1.mga5.x86_64 is already installed
[root@localhost Documents]# urpmi lib64wiretap5
Package lib64wiretap5-2.0.4-1.mga5.x86_64 is already installed
[root@localhost Documents]# urpmi lib64wsutil6
Package lib64wsutil6-2.0.4-1.mga5.x86_64 is already installed
[root@localhost Documents]# urpmi wireshark-tools
Package wireshark-tools-2.0.4-1.mga5.x86_64 is already installed
[root@localhost Documents]# urpmi tshark
Package tshark-2.0.4-1.mga5.x86_64 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) traffic on enp0s3. Close wireshark.
Reopen ws1.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test01.txt works
[wilcal@localhost Documents]$ tshark >> test01.txt
Capturing on 'enp0s3'
12534 ^Z
[1]+  Stopped                 tshark >> test01.txt
Filter:  ip.src == 192.168.1.141	works ( this system )

install wireshark lib64wireshark6 lib64wiretap5 lib64wsutil6
wireshark-tools & tshark from updates_testing

[root@localhost Documents]# urpmi wireshark
Package wireshark-2.0.5-1.mga5.x86_64 is already installed
[root@localhost Documents]# urpmi lib64wireshark6
Package lib64wireshark6-2.0.5-1.mga5.x86_64 is already installed
[root@localhost Documents]# urpmi lib64wiretap5
Package lib64wiretap5-2.0.5-1.mga5.x86_64 is already installed
[root@localhost Documents]# urpmi lib64wsutil6
Package lib64wsutil6-2.0.5-1.mga5.x86_64 is already installed
[root@localhost Documents]# urpmi wireshark-tools
Package wireshark-tools-2.0.5-1.mga5.x86_64 is already installed
[root@localhost Documents]# urpmi tshark
Package tshark-2.0.5-1.mga5.x86_64 is already installed

Running wireshark I can capture and save to a file
(test02.pcapng) traffic on enp0s3. Close wireshark.
Reopen test01.pcapng & test02.pcapng with wireshark and review the data.
wireshark tools like tshark work:
[wilcal@localhost Documents]$ tshark >> test02.txt
Capturing on 'enp0s3'
5472 ^Z
[1]+  Stopped                 tshark >> test02.txt
Filter:  ip.src == 192.168.1.141	works ( this system )
Comment 4 William Kenney 2016-07-30 19:42:37 CEST 
Looks good. Anything else?

Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OK

Comment 5 William Kenney 2016-08-02 16:58:59 CEST 
This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Dave Hodgins 2016-08-03 06:05:58 CEST

CC: (none) => davidwhodgins
Whiteboard: MGA5-32-OK MGA5-64-OK => MGA5-32-OK MGA5-64-OK advisory

Comment 6 Mageia Robot 2016-08-03 12:57:43 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0275.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 7 David Walser 2016-08-03 23:51:41 CEST 
CVE-2016-6503
CVE-2016-6505
CVE-2016-6506
CVE-2016-6508
CVE-2016-6509
CVE-2016-6510
CVE-2016-6511
CVE-2016-6512
CVE-2016-6513

were assigned for this update:
http://www.openwall.com/lists/oss-security/2016/08/01/4

If someone could please just add those CVEs in the CVE section in the SVN advisory, I think that will suffice.
David Walser 2016-08-08 21:20:07 CEST

URL: (none) => http://lwn.net/Vulnerabilities/696220/

Comment 8 David Walser 2016-08-08 21:26:36 CEST 
LWN reference with some of the CVEs:
http://lwn.net/Vulnerabilities/696077/
Comment 9 David Walser 2016-08-09 20:04:42 CEST 
LWN reference for CVE-2016-6512 and CVE-2016-6513:
http://lwn.net/Vulnerabilities/696829/

Apparently CVE-2016-6503 only affects Windows.

URL: http://lwn.net/Vulnerabilities/696220/ => http://lwn.net/Vulnerabilities/696077/