Bug 21314

Summary: wireshark new release 2.2.8 fixes security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: herman.viaene, lewyssmith, sysadmin-bugs
Version: 6Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: has_procedure MGA6-32-OK advisory
Source RPM: wireshark-2.2.7-1.mga6.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 21315    

Description David Walser 2017-07-22 01:29:19 CEST 
Upstream has released new versions on July 18:
https://www.wireshark.org/news/20170718.html

Updated package uploaded for Mageia 6.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The wireshark package has been updated to version 2.2.8, which fixes several
security issues where a malformed packet trace could cause it to crash or go
into an infinite loop, and fixes several other bugs as well.  See the release
notes for details.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11411
https://www.wireshark.org/security/wnpa-sec-2017-13.html
https://www.wireshark.org/security/wnpa-sec-2017-28.html
https://www.wireshark.org/security/wnpa-sec-2017-34.html
https://www.wireshark.org/security/wnpa-sec-2017-35.html
https://www.wireshark.org/security/wnpa-sec-2017-36.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.8.html
https://www.wireshark.org/news/20170718.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.2.8-1.mga6
libwireshark8-2.2.8-1.mga6
libwiretap6-2.2.8-1.mga6
libwscodecs1-2.2.8-1.mga6
libwsutil7-2.2.8-1.mga6
libwireshark-devel-2.2.8-1.mga6
wireshark-tools-2.2.8-1.mga6
tshark-2.2.8-1.mga6
rawshark-2.2.8-1.mga6
dumpcap-2.2.8-1.mga6

from wireshark-2.2.8-1.mga6.src.rpm
Comment 1 David Walser 2017-07-22 01:29:46 CEST 
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Whiteboard: (none) => has_procedure

David Walser 2017-07-22 01:30:01 CEST

Blocks: (none) => 21315

Comment 2 Herman Viaene 2017-07-26 14:06:55 CEST 
MGA6-32 on Asus A6000VM MATE
No installation issues.
Following QA procedure (more or less-: at CLI:
$ wireshark -n
Gtk-Message: Failed to load module "canberra-gtk-module"
In wireshark, click in network interface, click "Start capture" and capture 168 logs. Save results as wiresharktest.pcapng.

$ tshark -n
Capturing on 'wlp0s29f7u4'
    1 0.000000000  192.168.2.6 → 192.168.2.1  DNS 73 Standard query 0x608f A www.google.be
    2 0.000037295  192.168.2.6 → 192.168.2.1  DNS 73 Standard query 0x1b17 AAAA www.google.be
    3 0.000274894  192.168.2.6 → 192.168.2.1  DNS 75 Standard query 0xb867 A ssl.gstatic.com
    4 0.000288793  192.168.2.6 → 192.168.2.1  DNS 75 Standard query 0xb9ba AAAA ssl.gstatic.com
    5 0.000464652  192.168.2.6 → 192.168.2.1  DNS 75 Standard query 0xac6b A www.gstatic.com
    6 0.000477224  192.168.2.6 → 192.168.2.1  DNS 75 Standard query 0xc4c1 AAAA www.gstatic.com
    7 0.019008021  192.168.2.1 → 192.168.2.6  DNS 246 Standard query response 0xb9ba AAAA ssl.gstatic.com AAAA 2a00:1450:400e:803::2003 NS ns4.google.com NS ns3.google.com NS ns1.google.com NS ns2.google.com A 216.239.32.10 A 216.239.34.10 A 216.239.36.10 A 216.239.38.10
and a lot more

$ editcap -r wiresharktest.pcapng wiresharktest50 1-50
no feedback, wiresharktest.pcapng is 35.3 kb, wiresharktest50 is 8.3 kb

$ mergecap -v -w wiresharkmerged wiresharktest.pcapng wiresharktest50
mergecap: wiresharktest.pcapng is type Wireshark/... - pcapng.
mergecap: wiresharktest50 is type Wireshark/... - pcapng.
mergecap: selected frame_type Ethernet (ether)
mergecap: ready to merge records
Record: 1
Record: 2
Record: 3
to 218 which is correct 168 + 50

$ capinfos wiresharktest50
File name:           wiresharktest50
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  nanoseconds (9)
Packet size limit:   file hdr: (not set)
Number of packets:   50
and some more

All seems OK

CC: (none) => herman.viaene
Whiteboard: has_procedure => has_procedure MGA6-32-OK

Comment 3 Lewis Smith 2017-07-28 11:11:25 CEST 
Advisoried from ,Comment 0.
Validating under temporary policy accepting 1 OK: for which thanks Herman.

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA6-32-OK => has_procedure MGA6-32-OK advisory
CC: (none) => lewyssmith, sysadmin-bugs

Comment 4 Mageia Robot 2017-07-28 20:13:22 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0226.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED