Bug 21011

Summary: wireshark new release 2.0.13 fixes security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: herman.viaene, lewyssmith, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK advisory
Source RPM: wireshark-2.0.12-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2017-06-02 03:30:41 CEST 
Upstream has released version 2.0.13 today (June 1):
https://www.wireshark.org/news/20170601.html

Updated package uploaded for Mageia 5.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The wireshark package has been updated to version 2.0.13, which fixes several
security issues where a malformed packet trace could cause it to crash or go
into an infinite loop, and fixes several other bugs as well.  See the release
notes for details.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9354
https://www.wireshark.org/security/wnpa-sec-2017-22.html
https://www.wireshark.org/security/wnpa-sec-2017-24.html
https://www.wireshark.org/security/wnpa-sec-2017-25.html
https://www.wireshark.org/security/wnpa-sec-2017-26.html
https://www.wireshark.org/security/wnpa-sec-2017-27.html
https://www.wireshark.org/security/wnpa-sec-2017-28.html
https://www.wireshark.org/security/wnpa-sec-2017-29.html
https://www.wireshark.org/security/wnpa-sec-2017-30.html
https://www.wireshark.org/security/wnpa-sec-2017-32.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.13.html
https://www.wireshark.org/news/20170601.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.0.13-1.mga5
libwireshark7-2.0.13-1.mga5
libwiretap5-2.0.13-1.mga5
libwsutil7-2.0.13-1.mga5
libwireshark-devel-2.0.13-1.mga5
wireshark-tools-2.0.13-1.mga5
tshark-2.0.13-1.mga5
rawshark-2.0.13-1.mga5
dumpcap-2.0.13-1.mga5

from wireshark-2.0.13-1.mga5.src.rpm
Comment 1 David Walser 2017-06-02 03:30:55 CEST 
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Whiteboard: (none) => has_procedure

Comment 2 Herman Viaene 2017-06-03 11:29:55 CEST 
MGA5-32 on Asus A6000VM Xfce
No installation issues.
Did all tests as per Comment 1 with success.

CC: (none) => herman.viaene
Whiteboard: has_procedure => has_procedure MGA5-32-OK

Comment 3 Lewis Smith 2017-06-06 20:42:29 CEST 
Testing M5_64

Updated existing wireshark to:
 dumpcap-2.0.13-1.mga5
 lib64wireshark7-2.0.13-1.mga5
 lib64wiretap5-2.0.13-1.mga5
 lib64wsutil6-2.0.13-1.mga5    ***
 rawshark-2.0.13-1.mga5
 tshark-2.0.13-1.mga5
 wireshark-2.0.13-1.mga5
 wireshark-tools-2.0.13-1.mga5
NOTE: lib64wsutil6, whereas the package list in Comment 0 cites libwsutil7.
Asking for feedback about this before validation.

Tried following the indicated tests, but the first command
 $ wireshark -n wiresharktest
baulked because the file 'wiresharktest' did not exist. I could find no option for wireshark to monitor to & analyse a given file; so first did
 $ dumpcap -w wiresharktest
and generated some traffic. After that, the given tests were happy. Should this be in the procedure?

 $ wireshark -n wiresharktest
displays the capture file.

 $ tshark -nr wiresharktest
dumps it to the terminal.

 $ editcap -r wiresharktest wiresharktest50 1-50
gave *no* terminal output as per the procedure, but created 'wiresharktest50'

 $ mergecap -v -w wiresharkmerged wiresharktest wiresharktest50
 mergecap: wiresharktest is type Wireshark/... - pcapng.
 mergecap: wiresharktest50 is type Wireshark/... - pcapng.
 mergecap: selected frame_type Ethernet (ether)
 mergecap: ready to merge records
 Record: 1
 etc etc to
 mergecap: merging complete
and created 'wiresharkmerged'.

 $ randpkt -b 500 -t dns wireshark_dns.pcap
gave no terminal output, but created the given file.

 $ wireshark wireshark_dns.pcap
displayed the file.

 $ dftest ip
 Filter: "ip"

 Constants:
 Instructions:

 00000 CHECK_EXISTS	ip
 00001 RETURN

 $ capinfos wiresharktest50
 File name:           wiresharktest50
 File type:           Wireshark/... - pcapng
 File encapsulation:  Ethernet
 File timestamp precision:  nanoseconds (9)
 Packet size limit:   file hdr: (not set)
 Number of packets:   50
etc etc as per the procedure, to
 Capture application: Editcap 2.0.13
 Number of interfaces in file: 1
 Interface #0 info:
                     Name = enp4s0
etc etc to
                     Number of packets = 50

Believing this is all correct, OK. Advisory to follow.
Query outstanding re lib[64]wsutil7 or 6.

CC: (none) => lewyssmith
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK MGA5-64-OK feedback

Lewis Smith 2017-06-06 20:49:53 CEST

Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK feedback => has_procedure MGA5-32-OK MGA5-64-OK feedback advisory

Comment 4 David Walser 2017-06-06 21:21:44 CEST 
Yes it's a typo, it should be 6.

Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK feedback advisory => has_procedure MGA5-32-OK MGA5-64-OK advisory

Lewis Smith 2017-06-06 21:47:01 CEST

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2017-06-08 23:40:45 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0161.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED