Bug 20392

Summary: wireshark new release 2.0.11 fixes security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, wilcal.int
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK advisory
Source RPM: wireshark-2.0.10-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2017-03-04 17:47:15 CET 
Upstream has released version 2.0.11 on March 3:
https://www.wireshark.org/news/20170303.html

Updated package uploaded for Mageia 5.

Currently, only wnpa-sec-2017-06 has a CVE:
https://lwn.net/Vulnerabilities/715035/

So, a generic advisry for now.

Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The wireshark package has been updated to version 2.0.11, which fixes two
security issues where a malformed packet trace could cause it to crash or go
into an infinite loop, and fixes several other bugs as well.  See the release
notes for details.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6014
https://www.wireshark.org/security/wnpa-sec-2017-03.html
https://www.wireshark.org/security/wnpa-sec-2017-04.html
https://www.wireshark.org/security/wnpa-sec-2017-05.html
https://www.wireshark.org/security/wnpa-sec-2017-06.html
https://www.wireshark.org/security/wnpa-sec-2017-07.html
https://www.wireshark.org/security/wnpa-sec-2017-08.html
https://www.wireshark.org/security/wnpa-sec-2017-09.html
https://www.wireshark.org/security/wnpa-sec-2017-10.html
https://www.wireshark.org/security/wnpa-sec-2017-11.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.11.html
https://www.wireshark.org/news/20170303.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.0.11-1.mga5
libwireshark7-2.0.11-1.mga5
libwiretap5-2.0.11-1.mga5
libwsutil7-2.0.11-1.mga5
libwireshark-devel-2.0.11-1.mga5
wireshark-tools-2.0.11-1.mga5
tshark-2.0.11-1.mga5
rawshark-2.0.11-1.mga5
dumpcap-2.0.11-1.mga5

from wireshark-2.0.11-1.mga5.src.rpm
David Walser 2017-03-04 17:47:32 CET

Whiteboard: (none) => has_procedure

Comment 1 William Kenney 2017-03-11 20:03:03 CET 
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
wireshark libwireshark6 libwiretap5 libwsutil6 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of :

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.10-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark6
Package libwireshark6-2.0.5-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.10-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.10-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.10-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.10-1.mga5.i586 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) traffic on enp0s3. Close wireshark.
Reopen ws1.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test01.txt works
Capturing on 'enp0s3'
9436 ^Z
Filter:  ip.src == 192.168.1.143	works ( this system )

install wireshark libwireshark6 libwiretap5 libwsutil6
wireshark-tools tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.11-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark6
Package libwireshark6-2.0.5-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.11-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.11-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.11-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.11-1.mga5.i586 is already installed

Running wireshark I can capture and save to a file
(test02.pcapng) traffic on enp0s3. Close wireshark.
Reopen test01.pcapng & test02.pcapng with wireshark and review the data.
wireshark tools like tshark work:
[wilcal@localhost Documents]$ tshark >> test02.txt
Capturing on 'enp0s3'
12532 ^Z
[1]+  Stopped                 tshark >> test02.txt
Filter:  ip.src == 192.168.1.143	works ( this system )

CC: (none) => wilcal.int

William Kenney 2017-03-11 20:03:29 CET

Whiteboard: has_procedure => has_procedure MGA5-32-OK

Comment 2 William Kenney 2017-03-11 20:36:11 CET 
In VirtualBox, M5, KDE, 64-bit

Package(s) under test:
wireshark lib64wireshark7 lib64wiretap5 lib64wsutil6 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of wireshark lib64wireshark7 lib64wiretap5 lib64wsutil6
wireshark-tools tshark:

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.10-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark7
Package lib64wireshark7-2.0.10-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wiretap5
Package lib64wiretap5-2.0.10-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wsutil6
Package lib64wsutil6-2.0.10-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.10-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.10-1.mga5.x86_64 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) traffic on enp0s3. Close wireshark.
Reopen ws1.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test01.txt works
Capturing on 'enp0s3'
4823 ^Z
Filter:  ip.src == 192.168.1.75	works ( this system )

install wireshark lib64wireshark7 lib64wiretap5 lib64wsutil6
wireshark-tools & tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.11-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark7
Package lib64wireshark7-2.0.11-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wiretap5
Package lib64wiretap5-2.0.11-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wsutil6
Package lib64wsutil6-2.0.11-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.11-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.11-1.mga5.x86_64 is already installed

Running wireshark I can capture and save to a file
(test02.pcapng) traffic on enp0s3. Close wireshark.
Reopen test01.pcapng & test02.pcapng with wireshark and review the data.
wireshark tools like tshark work:
[wilcal@localhost Documents]$ tshark >> test02.txt
Capturing on 'enp0s3'
3529 ^Z
[1]+  Stopped                 tshark >> test02.txt
Filter:  ip.src == 192.168.1.75	works ( this system )
William Kenney 2017-03-11 20:36:32 CET

Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK MGA5-64-OK

Comment 3 William Kenney 2017-03-11 20:37:15 CET 
This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2017-03-12 21:19:59 CET

CC: (none) => davidwhodgins
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK advisory

Comment 4 Mageia Robot 2017-03-12 21:34:24 CET 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0076.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 5 David Walser 2017-03-19 16:07:50 CET 
Debian has issued an advisory for this on March 18:
https://www.debian.org/security/2017/dsa-3811

They have more CVEs:
CVE-2017-5596
CVE-2017-5597
CVE-2017-6467
CVE-2017-6468
CVE-2017-6469
CVE-2017-6470
CVE-2017-6471
CVE-2017-6472
CVE-2017-6473
CVE-2017-6474