Bug 25158

Summary: wireshark new release 3.0.3 fixes security issue
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: brtians1, herman.viaene, sysadmin-bugs, tmb
Version: 7Keywords: advisory, has_procedure, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: wireshark-3.0.2-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2019-07-20 18:28:18 CEST 
Upstream has released new versions on July 17:
https://www.wireshark.org/news/20190717.html

Updated package uploaded for Mageia 7.

Advisory:
========================

Updated wireshark packages fix security vulnerability:

ASN.1 BER and related dissectors crash (CVE-2019-13619).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13619
https://www.wireshark.org/security/wnpa-sec-2019-20
https://www.wireshark.org/docs/relnotes/wireshark-3.0.3.html
https://www.wireshark.org/news/20190717.html
========================

Updated packages in core/updates_testing:
========================
wireshark-3.0.3-1.mga7
libwireshark12-3.0.3-1.mga7
libwiretap9-3.0.3-1.mga7
libwscodecs2-3.0.3-1.mga7
libwsutil10-3.0.3-1.mga7
libwireshark-devel-3.0.3-1.mga7
wireshark-tools-3.0.3-1.mga7
tshark-3.0.3-1.mga7
rawshark-3.0.3-1.mga7
dumpcap-3.0.3-1.mga7

from wireshark-3.0.3-1.mga7.src.rpm
Comment 1 David Walser 2019-07-20 18:28:36 CEST 
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Keywords: (none) => has_procedure

Comment 2 Herman Viaene 2019-07-21 11:11:39 CEST 
MGA7-64 Plasma on Lenovo B50
No installation issues, making sure I installed all packages in above list.
Following wiki
$ wireshark -n userwiretest

It took me some time to get the capture going, turned out I had to"Refesh Interfaces" before it captured anything at all.

$ editcap -r userwiretest wiresharktest50 1-50             
$ mergecap -v -w wiresharkmerged userwiretest wiresharktest50
mergecap: userwiretest is type Wireshark/... - pcapng.
mergecap: wiresharktest50 is type Wireshark/... - pcapng.
mergecap: selected frame_type Ethernet (ether)
mergecap: ready to merge records
Record: 1
Record: 2
Record: 3
Record: 4
Record: 5
Record: 6
Record: 7
etc .....
mergecap: merging complete
$ randpkt -b 500 -t dns wireshark_dns.pcap
$ wireshark wireshark_dns.pcap
Shows a lot of stuff.

$ dftest ip
bash: dftest: opdracht niet gevonden (command not found) !!!!

# urpmf dftest
    $MIRRORLIST: media/core/release/media_info/20190627-235351-files.xml.lzma
wireshark:/usr/share/wireshark/dftest.html                                                                                       
wireshark-tools:/usr/share/doc/wireshark/dftest.html
wireshark-tools:/usr/share/man/man1/dftest.1.xz
    $MIRRORLIST: media/core/updates/media_info/20190720-193221-files.xml.lzma
    $MIRRORLIST: media/core/updates_testing/media_info/20190720-194725-files.xml.lzma                                            
wireshark-tools:/usr/share/doc/wireshark/dftest.html                                                                             
wireshark-tools:/usr/share/man/man1/dftest.1.xz
wireshark:/usr/share/wireshark/dftest.html
    $MIRRORLIST: media/nonfree/release/media_info/20190628-001219-files.xml.lzma
    $MIRRORLIST: media/nonfree/updates/media_info/20190717-101528-files.xml.lzma                                                 
    $MIRRORLIST: media/tainted/release/media_info/20190628-001348-files.xml.lzma                                                 
    $MIRRORLIST: media/tainted/updates/media_info/20190711-201355-files.xml.lzma         
I don't see any executable in these???
$ capinfos wiresharktest50
File name:           wiresharktest50
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  nanoseconds (9)
Packet size limit:   file hdr: (not set)
Number of packets:   18
File size:           2.112 bytes
Data size:           1.268 bytes
Capture duration:    8,313120932 seconds
First packet time:   2019-07-21 10:45:14,469459238
Last packet time:    2019-07-21 10:45:22,782580170
Data byte rate:      152 bytes/s
Data bit rate:       1.220 bits/s
Average packet size: 70,44 bytes
Average packet rate: 2 packets/s
SHA256:              1ad62a5ed77c1b870764aab35766c9b18476811ec333780f210a66c597986673
RIPEMD160:           ffae8ad379abb4b1e7f1a22bdfd49ccb5b920939
SHA1:                ea42357f96e716a66b95548f32ffa7fb4eff84d6
Strict time order:   True
Capture hardware:    Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz (with SSE4.2)
Capture oper-sys:    Linux 5.1.18-desktop-1.mga7
Capture application: Dumpcap (Wireshark) 3.0.3 (Git commit 6130b92b0ec6)
Number of interfaces in file: 1
Interface #0 info:
                     Name = wlp9s0
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = nanoseconds (9)
                     Time ticks per second = 1000000000
                     Time resolution = 0x09
                     Operating system = Linux 5.1.18-desktop-1.mga7
                     Number of stat entries = 0
                     Number of packets = 18

All looks OK, except the dftest which I cann't explain.

CC: (none) => herman.viaene

Thomas Backlund 2019-08-10 16:27:41 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 3 Brian Rockwell 2019-08-16 17:48:25 CEST 
Physical hardware running Xfce and latest patches

# uname -a
Linux localhost 5.2.7-desktop-1.mga7 #1 SMP Wed Aug 7 10:32:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux


The following 19 packages are going to be installed:

- dumpcap-3.0.3-1.mga7.x86_64
- lib64bcg729_0-1.0.4-2.mga7.x86_64
- lib64lua5.2-5.2.4-3.mga7.x86_64
- lib64maxminddb0-1.3.2-3.mga7.x86_64
- lib64nl-route3_200-3.4.0-3.mga7.x86_64
- lib64qt5multimedia5-5.12.2-2.mga7.x86_64
- lib64qt5printsupport5-5.12.2-2.mga7.x86_64
- lib64sbc1-1.4-1.mga7.x86_64
- lib64smi2-0.5.0-3.mga7.x86_64
- lib64snappy1-1.1.7-2.mga7.x86_64
- lib64spandsp2-0.0.6-pre20180108.2.mga7.x86_64
- lib64wireshark12-3.0.3-1.mga7.x86_64
- lib64wiretap9-3.0.3-1.mga7.x86_64
- lib64wscodecs2-3.0.3-1.mga7.x86_64
- lib64wsutil10-3.0.3-1.mga7.x86_64
- libsmi-mibs-std-0.5.0-3.mga7.x86_64
- smi-tools-0.5.0-3.mga7.x86_64
- wireshark-3.0.3-1.mga7.x86_64
- wireshark-tools-3.0.3-1.mga7.x86_64

123MB of additional disk space will be used.

23MB of packages will be retrieved.

Is it ok to continue?

----

After installation I tried running wireshark from menu.  That works, but it cannot capture.  I had to go to root to really use it, probably how security is configured on this machine.

Ran it from command line and did some captures.  It seems to work as intended.

Approving for 64-bit.

CC: (none) => brtians1
Whiteboard: (none) => MGA7-64-OK

Thomas Backlund 2019-08-31 13:28:33 CEST

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2019-08-31 15:24:10 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0227.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED