Bug 23508

Summary: wireshark new release 2.2.17 fixes security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mageia, sysadmin-bugs, tmb, wilcal.int
Version: 6Keywords: advisory, has_procedure, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-32-OK MGA6-64-OK
Source RPM: wireshark-2.2.16-1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2018-08-31 23:16:38 CEST 
Upstream has released new versions on August 29:
https://www.wireshark.org/news/20180829.html

Updated package uploaded for Mageia 6.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

Bluetooth Attribute Protocol dissector crash (CVE-2018-16056).

Radiotap dissector crash (CVE-2018-16057).

Bluetooth AVDTP dissector crash (CVE-2018-16058).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16058
https://www.wireshark.org/security/wnpa-sec-2018-44.html
https://www.wireshark.org/security/wnpa-sec-2018-45.html
https://www.wireshark.org/security/wnpa-sec-2018-46.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.17.html
https://www.wireshark.org/news/20180829.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.2.17-1.mga6
libwireshark8-2.2.17-1.mga6
libwiretap6-2.2.17-1.mga6
libwscodecs1-2.2.17-1.mga6
libwsutil7-2.2.17-1.mga6
libwireshark-devel-2.2.17-1.mga6
wireshark-tools-2.2.17-1.mga6
tshark-2.2.17-1.mga6
rawshark-2.2.17-1.mga6
dumpcap-2.2.17-1.mga6

from wireshark-2.2.17-1.mga6.src.rpm
Comment 1 David Walser 2018-08-31 23:16:51 CEST 
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Keywords: (none) => has_procedure

Thomas Backlund 2018-09-02 19:24:59 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 2 PC LX 2018-09-05 12:47:22 CEST 
Installed and tested without issues.

Tests included:
- Procedure in comment 1.
- Using GUI and CLI tools.
- Loading and filtering existing pcap files.
- Capturing and filtering DNS traffic.
- Capturing and filtering HTTP(S) traffic.
- Capturing and filtering IMAP/POP/SMTP traffic.

System: Mageia 6, x86_64, Plasma DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.

$ uname -a
Linux marte 4.14.65-desktop-1.mga6 #1 SMP Sat Aug 18 14:50:29 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ lspcidrake | grep NET
r8169           : Realtek Semiconductor Co., Ltd.|RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller [NETWORK_ETHERNET] (rev: 02)
$ rpm -qa | grep 2.2.17-1 | sort
dumpcap-2.2.17-1.mga6
lib64wireshark8-2.2.17-1.mga6
lib64wiretap6-2.2.17-1.mga6
lib64wscodecs1-2.2.17-1.mga6
lib64wsutil7-2.2.17-1.mga6
wireshark-2.2.17-1.mga6
wireshark-tools-2.2.17-1.mga6

CC: (none) => mageia
Whiteboard: (none) => MGA6-64-OK

Comment 3 William Kenney 2018-09-06 18:12:48 CEST 
In VirtualBox, M6, MATE, 32-bit

Package(s) under test:
wireshark libwireshark8 libwiretap6 libwsutil7 wireshark-tools tshark

The following 16 packages are going to be installed:

- dumpcap-2.2.16-1.mga6.i586
- geoip-database-1.6.9-2.mga6.noarch
- libgeoip1-1.6.9-2.mga6.i586
- libnl-route3_200-3.3.0-1.mga6.i586
- libqt5multimedia5-5.9.4-1.mga6.i586
- libqt5printsupport5-5.9.4-1.1.mga6.i586
- libsmi-mibs-std-0.5.0-2.mga6.i586
- libsmi2-0.5.0-2.mga6.i586
- libwireshark8-2.2.16-1.mga6.i586
- libwiretap6-2.2.16-1.mga6.i586
- libwscodecs1-2.2.16-1.mga6.i586
- libwsutil7-2.2.16-1.mga6.i586
- smi-tools-0.5.0-2.mga6.i586
- tshark-2.2.16-1.mga6.i586
- wireshark-2.2.16-1.mga6.i586
- wireshark-tools-2.2.16-1.mga6.i586

Assign wilcal to the wireshark group, restart wilcal.

default install of :

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.2.16-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark8
Package libwireshark8-2.2.16-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap6
Package libwiretap6-2.2.16-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil7
Package libwsutil7-2.2.16-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.2.16-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.2.16-1.mga6.i586 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) the traffic on enp0s3. Close wireshark.
I can reopen test01.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test02.txt works
Capturing on 'enp0s3'
3806 ^Z ( captured lines )
[1]+  Stopped                 tshark >> test02.txt

Set a filter:
ip.src == 192.168.0.10          ( this system )
ip.addr == 192.168.0.13         ( Yamaha receiver, barks a lot )
Set filter to: not ip.addr == 192.168.0.10 and not ip.src == 192.168.0.13
Filter works.

install wireshark libwireshark8 libwiretap6 libwsutil7 wireshark-tools
tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.2.17-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark8
Package libwireshark8-2.2.17-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap6
Package libwiretap6-2.2.17-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil7
Package libwsutil7-2.2.17-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.2.17-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.2.17-1.mga6.i586 is already installed

Running wireshark I can capture and save to a file
(test03.pcapng) the traffic on enp0s3. Close wireshark.
I can reopen test03.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test04.txt works
Capturing on 'enp0s3'
8792 ^Z ( captured lines )
[1]+  Stopped                 tshark >> test02.txt

Set a filter:
Set filter to: not ip.addr == 192.168.0.10 and not ip.src == 192.168.0.13
Filter works.

CC: (none) => wilcal.int

Comment 4 William Kenney 2018-09-06 18:13:31 CEST 
Good to go

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

William Kenney 2018-09-06 18:14:08 CEST

Whiteboard: MGA6-64-OK => MGA6-32-OK MGA6-64-OK

Comment 5 Mageia Robot 2018-09-07 12:16:04 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0370.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED