Bug 19442

Summary: wireshark new release 2.0.6 fixes security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mageia, sysadmin-bugs, wilcal.int
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/701348/
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK
Source RPM: wireshark-2.0.5-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2016-09-22 14:06:19 CEST 
Upstream has released version 2.0.6 on September 8:
https://www.wireshark.org/news/20160908.html

Debian has issued an advisory for this on September 20:
https://www.debian.org/security/2016/dsa-3671

Updated package uploaded for Mageia 5.

Here's a preliminary advisory without the CVEs.  I don't know where Debian got them from, but they only had 5 and there are 6 security issues fixed here.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The wireshark package has been updated to version 2.0.5, which fixes several
security issues where a malformed packet trace could cause it to crash, and
fixes several other bugs as well.  See the release notes for details.

References:
https://www.wireshark.org/security/wnpa-sec-2016-50.html
https://www.wireshark.org/security/wnpa-sec-2016-51.html
https://www.wireshark.org/security/wnpa-sec-2016-52.html
https://www.wireshark.org/security/wnpa-sec-2016-53.html
https://www.wireshark.org/security/wnpa-sec-2016-54.html
https://www.wireshark.org/security/wnpa-sec-2016-55.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.6.html
https://www.wireshark.org/news/20160908.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.0.6-1.mga5
libwireshark6-2.0.6-1.mga5
libwiretap5-2.0.6-1.mga5
libwsutil6-2.0.6-1.mga5
libwireshark-devel-2.0.6-1.mga5
wireshark-tools-2.0.6-1.mga5
tshark-2.0.6-1.mga5
rawshark-2.0.6-1.mga5
dumpcap-2.0.6-1.mga5

from wireshark-2.0.6-1.mga5.src.rpm
Comment 1 David Walser 2016-09-22 14:06:34 CEST 
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Whiteboard: (none) => has_procedure

Comment 2 David Walser 2016-09-22 14:11:37 CEST 
Fixing the package list, libwireshark's major has changed from 6 to 7.

Updated packages in core/updates_testing:
========================
wireshark-2.0.6-1.mga5
libwireshark7-2.0.6-1.mga5
libwiretap5-2.0.6-1.mga5
libwsutil6-2.0.6-1.mga5
libwireshark-devel-2.0.6-1.mga5
wireshark-tools-2.0.6-1.mga5
tshark-2.0.6-1.mga5
rawshark-2.0.6-1.mga5
dumpcap-2.0.6-1.mga5

from wireshark-2.0.6-1.mga5.src.rpm
Comment 3 William Kenney 2016-09-24 21:57:57 CEST 
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
wireshark libwireshark6 libwiretap5 libwsutil6 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of wireshark libwireshark6 libwiretap5 libwsutil6 
wireshark-tools tshark:

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.5-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark6
Package libwireshark6-2.0.5-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.5-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.5-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.5-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.5-1.mga5.i586 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) traffic on enp0s3. Close wireshark.
Reopen test01.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test01.txt works
Filter:  ip.src == 192.168.1.143	works ( this system )

install wireshark libwireshark6 libwiretap5 libwsutil6
wireshark-tools & tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.6-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark6
Package libwireshark6-2.0.5-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.6-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.6-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.6-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.6-1.mga5.i586 is already installed

Running wireshark I can capture and save to a file
(test02.pcapng) traffic on enp0s3. Close wireshark.
Reopen test01.pcapng & test02.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test02.txt works
Filter:  ip.src == 192.168.1.143	works ( this system )

CC: (none) => wilcal.int

William Kenney 2016-09-24 21:58:15 CEST

Whiteboard: has_procedure => has_procedure MGA5-32-OK

Comment 4 William Kenney 2016-09-24 22:32:26 CEST 
In VirtualBox, M5, KDE, 64-bit

Package(s) under test:
wireshark lib64wireshark6 lib64wiretap5 lib64wsutil6 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of wireshark lib64wireshark6 lib64wiretap5 lib64wsutil6 
wireshark-tools tshark:

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.5-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark6
Package lib64wireshark6-2.0.5-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wiretap5
Package lib64wiretap5-2.0.5-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wsutil6
Package lib64wsutil6-2.0.5-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.5-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.5-1.mga5.x86_64 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) traffic on enp0s3. Close wireshark.
Reopen test01.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test01.txt works
Filter:  ip.src == 192.168.1.141	works ( this system )

install wireshark lib64wireshark6 lib64wiretap5 lib64wsutil6
wireshark-tools & tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.6-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark6
Package lib64wireshark6-2.0.5-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wiretap5
Package lib64wiretap5-2.0.6-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wsutil6
Package lib64wsutil6-2.0.6-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.6-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.6-1.mga5.x86_64 is already installed

Running wireshark I can capture and save to a file
(test02.pcapng) traffic on enp0s3. Close wireshark.
Reopen test01.pcapng & test02.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test02.txt works
Filter:  ip.src == 192.168.1.141	works ( this system )
William Kenney 2016-09-24 22:32:44 CEST

Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK MGA5-64-OK

Comment 5 William Kenney 2016-09-24 22:33:30 CEST 
This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 6 Nicolas Lécureuil 2016-09-25 13:48:37 CEST 
Please add 19442.adv

CC: (none) => mageia

Comment 7 Mageia Robot 2016-09-25 17:46:13 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0321.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 8 David Walser 2016-09-27 22:56:05 CEST 
Another CVE:
http://lwn.net/Vulnerabilities/701997/
Comment 9 Nicolas Lécureuil 2016-09-27 23:14:57 CEST 
all seems fixed in 2.0.6.


you mean we need to update 19442.adv ?
Comment 10 David Walser 2016-09-27 23:17:32 CEST 
(In reply to Nicolas Lécureuil from comment #9)
> all seems fixed in 2.0.6.
> 
> 
> you mean we need to update 19442.adv ?

Yes, but I updated it already :o).