Bug 21643

Summary: wireshark new release 2.0.15 fixes security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: lewyssmith, sysadmin-bugs, wilcal.int
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK advisory
Source RPM: wireshark-2.0.14-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2017-08-31 02:15:05 CEST 
Upstream has released new versions on August 29:
https://www.wireshark.org/news/20170829.html

Updated package uploaded for Mageia 5.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The wireshark package has been updated to version 2.0.15, which fixes a couple
security issues where a malformed packet trace could cause it to crash or go
into an infinite loop, and fixes several other bugs as well.  See the release
notes for details.

References:
https://www.wireshark.org/security/wnpa-sec-2017-38.html
https://www.wireshark.org/security/wnpa-sec-2017-41.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.15.html
https://www.wireshark.org/news/20170829.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.0.15-1.mga5
libwireshark7-2.0.15-1.mga5
libwiretap5-2.0.15-1.mga5
libwsutil7-2.0.15-1.mga5
libwireshark-devel-2.0.15-1.mga5
wireshark-tools-2.0.15-1.mga5
tshark-2.0.15-1.mga5
rawshark-2.0.15-1.mga5
dumpcap-2.0.15-1.mga5

from wireshark-2.0.15-1.mga5.src.rpm
Comment 1 David Walser 2017-08-31 02:15:27 CEST 
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Whiteboard: (none) => has_procedure

Comment 2 William Kenney 2017-09-01 02:03:28 CEST 
In VirtualBox, M5.1, KDE, 64-bit

Package(s) under test:
wireshark lib64wireshark7 lib64wiretap5 lib64wsutil6 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of :

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.14-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark7
Package lib64wireshark7-2.0.14-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wiretap5
Package lib64wiretap5-2.0.14-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wsutil6
Package lib64wsutil6-2.0.14-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.14-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.14-1.mga5.x86_64 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) the traffic on enp0s3. Close wireshark.
I can reopen test01.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test01.txt works
Capturing on 'enp0s3'
9148 ^Z ( captured lines )
[1]+  Stopped                 tshark >> test01.txt

Set a filter:
ip.src == 192.168.1.65          ( this system )
ip.addr == 192.168.1.70         ( Yamaha receiver, barks all the time for some reason )
Set filter to: not ip.addr == 192.168.1.65 and not ip.src == 192.168.1.70
Filter works, filters out the barking.

install wireshark lib64wireshark7 lib64wiretap5 lib64wsutil6
wireshark-tools tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.15-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark7
Package lib64wireshark7-2.0.15-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wiretap5
Package lib64wiretap5-2.0.15-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wsutil6
Package lib64wsutil6-2.0.15-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.15-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.15-1.mga5.x86_64 is already installed

Running wireshark I can capture and save to a file
(test02.pcapng) the traffic on enp0s3. Close wireshark.
Reopen test01.pcapng & test02.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test02.txt works
Capturing on 'enp0s3'
12033 ^Z ( captured lines )
[1]+  Stopped                 tshark >> test02.txt

Set a filter:
ip.src == 192.168.1.65          ( this system )
ip.addr == 192.168.1.70         ( Yamaha receiver, barks all the time for some reason )
Set filter to: not ip.addr == 192.168.1.65 and not ip.src == 192.168.1.70
Filter works, filters out the barking.

CC: (none) => wilcal.int

William Kenney 2017-09-01 02:03:48 CEST

Whiteboard: has_procedure => has_procedure MGA5-64-OK

Comment 3 William Kenney 2017-09-01 02:38:53 CEST 
In VirtualBox, M5.1, KDE, 32-bit

Package(s) under test:
wireshark libwireshark7 libwiretap5 libwsutil6 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of :

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.14-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark7
Package libwireshark7-2.0.14-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.14-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.14-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.14-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.0.14-1.mga5.i586 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) the traffic on enp0s3. Close wireshark.
I can reopen test01.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test01.txt works
Capturing on 'enp0s3'
3771 ^Z ( captured lines )
[1]+  Stopped                 tshark >> test01.txt

Set a filter:
ip.src == 192.168.1.65          ( this system )
ip.addr == 192.168.1.70         ( Yamaha receiver, barks all the time for some reason )
Set filter to: not ip.addr == 192.168.1.65 and not ip.src == 192.168.1.70
Filter works, filters out the barking.

install wireshark libwireshark7 libwiretap5 libwsutil6
wireshark-tools tshark from updates_testing

[root@localhost Documents]# urpmi wireshark
Package wireshark-2.0.15-1.mga5.i586 is already installed
[root@localhost Documents]# urpmi libwireshark7
Package libwireshark7-2.0.15-1.mga5.i586 is already installed
[root@localhost Documents]# urpmi libwiretap5
Package libwiretap5-2.0.15-1.mga5.i586 is already installed
[root@localhost Documents]# urpmi libwsutil6
Package libwsutil6-2.0.15-1.mga5.i586 is already installed
[root@localhost Documents]# urpmi wireshark-tools
Package wireshark-tools-2.0.15-1.mga5.i586 is already installed
[root@localhost Documents]# urpmi tshark
Package tshark-2.0.15-1.mga5.i586 is already installed

Running wireshark I can capture and save to a file
(test02.pcapng) the traffic on enp0s3. Close wireshark.
Reopen test01.pcapng & test02.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test02.txt works
Capturing on 'enp0s3'
8279 ^Z ( captured lines )
[1]+  Stopped                 tshark >> test02.txt

Set a filter:
ip.src == 192.168.1.65          ( this system )
ip.addr == 192.168.1.70         ( Yamaha receiver, barks all the time for some reason )
Set filter to: not ip.addr == 192.168.1.65 and not ip.src == 192.168.1.70
Filter works, filters out the barking.
William Kenney 2017-09-01 02:39:14 CEST

Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK

Comment 4 William Kenney 2017-09-01 02:40:56 CEST 
"Barking" the Yamaha receiver is constantly looking for dlna servers
so it scans every 100ms or so.
Comment 5 Lewis Smith 2017-09-01 21:10:38 CEST 
@ Bill : Great work!
Validating (you could have done this, even without the advisory).

Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK advisory
Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Comment 6 William Kenney 2017-09-01 21:16:02 CEST 
This is a fun package to use on your laptop when your in a Starbucks Coffee Shop. :-))
Comment 7 Mageia Robot 2017-09-01 23:11:29 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0324.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED