| Summary: | wireshark new release 3.0.14 fixes security issues | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, ouaurelien, sysadmin-bugs, tarazed25 |
| Version: | 7 | Keywords: | advisory, has_procedure, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | wireshark-3.0.13-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-10-13 01:36:12 CEST
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Wireshark Keywords:
(none) =>
has_procedure mga7, x86_64
Added user to wireshark group.
Installed all components before updating and used wireshark to create a pcap file. Cannot remember the details - managed by accident without understanding the grammar.
Updated the packages but found that libwsutil11-3.0.14-1.mga7 is actually named libwsutil10-3.0.14-1.mga7 ; 10 not 11. ??
Starting the QA procedure found it impossible to specify a filter for creating a capture file and gave up - syntax errors at every step.
Carried on with the procedure.
The analysis of the original woresharktest.pcap showed local network traffic OK. Recognized the addresses of the NAS drive and host machine and the networked fileserver in the listing, mainly for TCP ACKs and Application Data under TLSv1.2 and an announcement regarding the wifi printer, presumably a poll of some kind.
$ editcap -r wiresharktest.pcap wiresharktest50 1-50
Generated 50 line extract.
$ mergecap -v -w wiresharkmerged wiresharktest.pcap wiresharktest50
[...]
Record: 1778
Record: 1779
mergecap: merging complete
$ ll wire*
-rw-r--r-- 1 lcl lcl 1321196 Oct 13 11:10 wiresharkmerged
-rw-r--r-- 1 lcl lcl 5540 Oct 13 11:07 wiresharktest50
-rw-r--r-- 1 lcl lcl 1284843 Oct 13 10:09 wiresharktest.pcap
$ randpkt -b 500 -t dns wireshark_dns.pcap
$ ll wire*dns*
-rw-r--r-- 1 lcl lcl 291411 Oct 13 11:15 wireshark_dns.pcap
$ wireshark wireshark_dns.pcap
This shows a lot of DNS transactions with Malformed Packet and Unknown Operation response - to be expected.
dftest does not appear to be fully installed. There are man and HTML documents dated today but no command.
$ capinfos wiresharktest50
File name: wiresharktest50
File type: Wireshark/... - pcapng
File encapsulation: Ethernet
File timestamp precision: microseconds (6)
Packet size limit: file hdr: (not set)
[...]
Interface #0 info:
Encapsulation = Ethernet (1 - ether)
Capture length = 262144
Time precision = microseconds (6)
Time ticks per second = 1000000
Number of stat entries = 0
Number of packets = 50
These general tests look OK but leaving this open for comments.CC:
(none) =>
tarazed25 Following on from comment 2: The absence of dftest rings distant bells so maybe this should be passed on. Whiteboard:
(none) =>
MGA7-64-OK The missing dftest command is not a regression. urpmf dftest shows ... wireshark:/usr/share/wireshark/dftest.html wireshark-tools:/usr/share/doc/wireshark/dftest.html wireshark-tools:/usr/share/man/man1/dftest.1.xz for all versions of wireshark since Mageia 7 started. Validating the update. CC:
(none) =>
davidwhodgins, sysadmin-bugs Advisory done Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0384.html Status:
NEW =>
RESOLVED |