Bug 20673

Summary:	wireshark new release 2.0.12 fixes security issues
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	QA Team <qa-bugs>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal	CC:	lewyssmith, sysadmin-bugs, wilcal.int
Version:	5	Keywords:	validated_update
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:	has_procedure MGA5-32-OK MGA5-64-OK advisory
Source RPM:	wireshark-2.0.11-1.mga5.src.rpm	CVE:
Status comment:

Description David Walser 2017-04-14 22:51:46 CEST

Upstream has released version 2.0.12 on April 12:
https://www.wireshark.org/news/20170412.html

Updated package uploaded for Mageia 5.

Half of the WNPA's have CVEs at this time.  Advisory to come later.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7705
https://www.wireshark.org/security/wnpa-sec-2017-04.html
https://www.wireshark.org/security/wnpa-sec-2017-12.html
https://www.wireshark.org/security/wnpa-sec-2017-13.html
https://www.wireshark.org/security/wnpa-sec-2017-14.html
https://www.wireshark.org/security/wnpa-sec-2017-15.html
https://www.wireshark.org/security/wnpa-sec-2017-16.html
https://www.wireshark.org/security/wnpa-sec-2017-18.html
https://www.wireshark.org/security/wnpa-sec-2017-19.html
https://www.wireshark.org/security/wnpa-sec-2017-20.html
https://www.wireshark.org/security/wnpa-sec-2017-21.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.12.html
https://www.wireshark.org/news/20170412.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.0.12-1.mga5
libwireshark7-2.0.12-1.mga5
libwiretap5-2.0.12-1.mga5
libwsutil7-2.0.12-1.mga5
libwireshark-devel-2.0.12-1.mga5
wireshark-tools-2.0.12-1.mga5
tshark-2.0.12-1.mga5
rawshark-2.0.12-1.mga5
dumpcap-2.0.12-1.mga5

from wireshark-2.0.12-1.mga5.src.rpm

Comment 1 David Walser 2017-04-14 22:52:30 CEST

Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Whiteboard: (none) => has_procedure

Comment 2 William Kenney 2017-04-15 19:47:47 CEST

In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
wireshark libwireshark7 libwiretap5 libwsutil6 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of :

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.11-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark7
Package libwireshark7-2.0.11-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.11-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.11-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.11-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.11-1.mga5.i586 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) traffic on enp0s3. Close wireshark.
Reopen ws1.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test01.txt works
Capturing on 'enp0s3'
7834 ^Z
Filter:  ip.src == 192.168.1.137	works ( this system )

install wireshark libwireshark7 libwiretap5 libwsutil6
wireshark-tools tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.12-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark7
Package libwireshark7-2.0.12-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.12-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.12-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.12-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.12-1.mga5.i586 is already installed

Running wireshark I can capture and save to a file
(test02.pcapng) traffic on enp0s3. Close wireshark.
Reopen test01.pcapng & test02.pcapng with wireshark and review the data.
wireshark tools like tshark work:
[wilcal@localhost Documents]$ tshark >> test02.txt
Capturing on 'enp0s3'
13285 ^Z
[1]+  Stopped                 tshark >> test02.txt
Filter:  ip.src == 192.168.1.137	works ( this system )

CC: (none) => wilcal.int

Comment 3 William Kenney 2017-04-15 19:48:05 CEST

In VirtualBox, M5, KDE, 64-bit

Package(s) under test:
wireshark lib64wireshark7 lib64wiretap5 lib64wsutil6 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of wireshark lib64wireshark7 lib64wiretap5 lib64wsutil6
wireshark-tools tshark:

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.11-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark7
Package lib64wireshark7-2.0.11-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wiretap5
Package lib64wiretap5-2.0.11-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wsutil6
Package lib64wsutil6-2.0.11-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.11-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.11-1.mga5.x86_64 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) traffic on enp0s3. Close wireshark.
Reopen ws1.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test01.txt works
Capturing on 'enp0s3'
9356 ^Z
Filter:  ip.src == 192.168.1.138	works ( this system )

install wireshark lib64wireshark7 lib64wiretap5 lib64wsutil6
wireshark-tools tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.12-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark7
Package lib64wireshark7-2.0.12-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wiretap5
Package lib64wiretap5-2.0.12-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wsutil6
Package lib64wsutil6-2.0.12-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.12-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.12-1.mga5.x86_64 is already installed


Running wireshark I can capture and save to a file
(test02.pcapng) traffic on enp0s3. Close wireshark.
Reopen test01.pcapng & test02.pcapng with wireshark and review the data.
wireshark tools like tshark work:
[wilcal@localhost Documents]$ tshark >> test02.txt
Capturing on 'enp0s3'
7035 ^Z
[1]+  Stopped                 tshark >> test02.txt
Filter:  ip.src == 192.168.1.138	works ( this system )

William Kenney 2017-04-15 19:48:27 CEST

Whiteboard: has_procedure => has_procedure MGA5-32-OK MGA5-64-OK

Comment 4 William Kenney 2017-04-15 19:49:05 CEST

This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

David Walser 2017-04-17 22:39:37 CEST

QA Contact: (none) => security
Component: RPM Packages => Security

Comment 5 David Walser 2017-04-17 22:42:08 CEST

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The wireshark package has been updated to version 2.0.12, which fixes multiple
security issues where a malformed packet trace could cause it to crash or go
into an infinite loop, and fixes several other bugs as well.  See the release
notes for details.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7705
https://www.wireshark.org/security/wnpa-sec-2017-04.html
https://www.wireshark.org/security/wnpa-sec-2017-12.html
https://www.wireshark.org/security/wnpa-sec-2017-13.html
https://www.wireshark.org/security/wnpa-sec-2017-14.html
https://www.wireshark.org/security/wnpa-sec-2017-15.html
https://www.wireshark.org/security/wnpa-sec-2017-16.html
https://www.wireshark.org/security/wnpa-sec-2017-18.html
https://www.wireshark.org/security/wnpa-sec-2017-19.html
https://www.wireshark.org/security/wnpa-sec-2017-20.html
https://www.wireshark.org/security/wnpa-sec-2017-21.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.12.html
https://www.wireshark.org/news/20170412.html

Comment 6 Lewis Smith 2017-04-18 08:37:49 CEST

Thanks David for the advisory.

CC: (none) => lewyssmith
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK advisory

Comment 7 Mageia Robot 2017-04-21 09:25:06 CEST

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0113.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 8 David Walser 2023-04-19 14:46:32 CEST

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6742

should have been:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6472

Fixed in the advisory in SVN.  Thanks to Christian Fischer for the report.