Bug 21642

Summary: wireshark new release 2.2.9 fixes security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, lewyssmith, sysadmin-bugs, wilcal.int
Version: 6Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: has_procedure MGA6-32-OK MGA6-64-OK advisory
Source RPM: wireshark-2.2.8-1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2017-08-31 02:14:56 CEST 
Upstream has released new versions on August 29:
https://www.wireshark.org/news/20170829.html

Updated package uploaded for Mageia 6.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The wireshark package has been updated to version 2.2.9, which fixes a few
security issues where a malformed packet trace could cause it to crash or go
into an infinite loop, and fixes several other bugs as well.  See the release
notes for details.

References:
https://www.wireshark.org/security/wnpa-sec-2017-38.html
https://www.wireshark.org/security/wnpa-sec-2017-39.html
https://www.wireshark.org/security/wnpa-sec-2017-41.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.9.html
https://www.wireshark.org/news/20170829.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.2.9-1.mga6
libwireshark8-2.2.9-1.mga6
libwiretap6-2.2.9-1.mga6
libwscodecs1-2.2.9-1.mga6
libwsutil7-2.2.9-1.mga6
libwireshark-devel-2.2.9-1.mga6
wireshark-tools-2.2.9-1.mga6
tshark-2.2.9-1.mga6
rawshark-2.2.9-1.mga6
dumpcap-2.2.9-1.mga6

from wireshark-2.2.9-1.mga6.src.rpm
Comment 1 David Walser 2017-08-31 02:15:16 CEST 
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Whiteboard: (none) => has_procedure

Comment 2 William Kenney 2017-09-01 00:25:47 CEST 
In VirtualBox, M6, Plasma, 64-bit

Package(s) under test:
wireshark lib64wireshark8 lib64wiretap6 lib64wsutil7 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of :

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.2.8-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark8
Package lib64wireshark8-2.2.8-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wiretap6
Package lib64wiretap6-2.2.8-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wsutil7
Package lib64wsutil7-2.2.8-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.2.8-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.2.8-1.mga6.x86_64 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) the traffic on enp0s3. Close wireshark.
I can reopen test01.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test01.txt works
Capturing on 'enp0s3'
7834 ^Z ( captured lines )
[1]+  Stopped                 tshark >> test01.txt

Set a filter:
ip.src == 192.168.1.65          ( this system )
ip.addr == 192.168.1.70         ( Yamaha receiver, barks all the time for some reason )
Set filter to: not ip.addr == 192.168.1.65 and not ip.src == 192.168.1.70
Filter works, filters out the barking.

install wireshark lib64wireshark8 lib64wiretap6 lib64wsutil7
wireshark-tools tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.2.9-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark8
Package lib64wireshark8-2.2.9-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wiretap6
Package lib64wiretap6-2.2.9-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wsutil7
Package lib64wsutil7-2.2.9-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.2.9-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.2.9-1.mga6.x86_64 is already installed

Running wireshark I can capture and save to a file
(test02.pcapng) the traffic on enp0s3. Close wireshark.
Reopen test01.pcapng & test02.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test02.txt works
Capturing on 'enp0s3'
4027 ^Z ( captured lines )
[1]+  Stopped                 tshark >> test02.txt

Set a filter:
ip.src == 192.168.1.65          ( this system )
ip.addr == 192.168.1.70         ( Yamaha receiver, barks all the time for some reason )
Set filter to: not ip.addr == 192.168.1.65 and not ip.src == 192.168.1.70
Filter works, filters out the barking.

CC: (none) => wilcal.int

William Kenney 2017-09-01 00:26:21 CEST

Whiteboard: has_procedure => has_procedure MGA6-64-OK

Comment 3 William Kenney 2017-09-01 01:15:27 CEST 
In VirtualBox, M6, Plasma, 32-bit

Package(s) under test:
wireshark libwireshark8 libwiretap6 libwsutil7 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of :

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.2.8-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark8
Package libwireshark8-2.2.8-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap6
Package libwiretap6-2.2.8-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil7
Package libwsutil7-2.2.8-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.2.8-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.2.8-1.mga6.i586 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) the traffic on enp0s3. Close wireshark.
I can reopen test01.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test01.txt works
Capturing on 'enp0s3'
11796 ^Z ( captured lines )
[1]+  Stopped                 tshark >> test01.txt

Set a filter:
ip.src == 192.168.1.65          ( this system )
ip.addr == 192.168.1.70         ( Yamaha receiver, barks all the time for some reason )
Set filter to: not ip.addr == 192.168.1.65 and not ip.src == 192.168.1.70
Filter works, filters out the barking.

install wireshark libwireshark8 libwiretap6 libwsutil7
wireshark-tools tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.2.9-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark8
Package libwireshark8-2.2.9-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap6
Package libwiretap6-2.2.9-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil7
Package libwsutil7-2.2.9-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.2.9-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.2.9-1.mga6.i586 is already installed

Running wireshark I can capture and save to a file
(test02.pcapng) the traffic on enp0s3. Close wireshark.
Reopen test01.pcapng & test02.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test02.txt works
Capturing on 'enp0s3'
4847 ^Z ( captured lines )
[1]+  Stopped                 tshark >> test02.txt

Set a filter:
ip.src == 192.168.1.65          ( this system )
ip.addr == 192.168.1.70         ( Yamaha receiver, barks all the time for some reason )
Set filter to: not ip.addr == 192.168.1.65 and not ip.src == 192.168.1.70
Filter works, filters out the barking.
Comment 4 William Kenney 2017-09-01 01:21:05 CEST 
Tinkering with the procedure:

https://wiki.mageia.org/en/QA_procedure:Wireshark

$ wireshark -n wiresharktest
$ tshark -nr wiresharktest

For some reason for me both report lots of errors and conflicts.
Maybe someone can define how it works.
William Kenney 2017-09-01 01:21:23 CEST

Whiteboard: has_procedure MGA6-64-OK => has_procedure MGA6-32-OK MGA6-64-OK

Comment 5 Lewis Smith 2017-09-01 21:23:24 CEST 
@ Bill : Thanks for a super job again!
Validating for you.

Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Dave Hodgins 2017-09-02 10:03:10 CEST

CC: (none) => davidwhodgins
Whiteboard: has_procedure MGA6-32-OK MGA6-64-OK => has_procedure MGA6-32-OK MGA6-64-OK advisory

Comment 6 Mageia Robot 2017-09-03 16:32:29 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0328.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 7 David Walser 2017-12-09 21:19:28 CET 
wnpa-sec-2017-39 is CVE-2017-13766 according to Debian:
https://www.debian.org/security/2017/dsa-4060