Bug 26463

Summary: wireshark new release 3.0.10 fixes security issue
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, herman.viaene, sysadmin-bugs, tmb
Version: 7Keywords: advisory, has_procedure, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: wireshark-3.0.9-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2020-04-09 19:32:32 CEST 
Upstream has released new versions on April 8:
https://www.wireshark.org/news/20200408.html

Updated package uploaded for Mageia 7.

Advisory:
========================

Updated wireshark packages fix security vulnerability:

The BACapp dissector could crash (CVE-2020-11647).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11647
https://www.wireshark.org/security/wnpa-sec-2020-07
https://www.wireshark.org/docs/relnotes/wireshark-3.0.10.html
https://www.wireshark.org/news/20200408.html
========================

Updated packages in core/updates_testing:
========================
wireshark-3.0.10-1.mga7
libwireshark12-3.0.10-1.mga7
libwiretap9-3.0.10-1.mga7
libwscodecs2-3.0.10-1.mga7
libwsutil10-3.0.10-1.mga7
libwireshark-devel-3.0.10-1.mga7
wireshark-tools-3.0.10-1.mga7
tshark-3.0.10-1.mga7
rawshark-3.0.10-1.mga7
dumpcap-3.0.10-1.mga7

from wireshark-3.0.10-1.mga7.src.rpm
Comment 1 David Walser 2020-04-09 19:32:49 CEST 
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Keywords: (none) => has_procedure

Comment 2 Herman Viaene 2020-04-10 11:26:42 CEST 
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref to bug 25436 Comment 1. Repeated all tests therein (refering to the QA procedure which is a bit  outdated), with the same results.
So OK for me

Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene

Comment 3 Thomas Andrews 2020-04-10 17:16:55 CEST 
Sounds like someone in the know should revise the QA procedure.

Validating. Advisory in Comment 0.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Thomas Backlund 2020-04-15 11:04:19 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 4 Mageia Robot 2020-04-15 12:13:58 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0172.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED