Bug 7075

Summary: wireshark new releases 1.4.15, 1.6.10, and 1.8.2 fix security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, stormi-mageia, sysadmin-bugs, tmb
Version: 2Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://www.wireshark.org/news/20120815.html
Whiteboard: MGA1TOO has_procedure MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK
Source RPM: wireshark-1.6.9-1.mga2.src.rpm CVE:
Status comment:
Attachments: Test files from the bug reports - testfiles.tgz

Comment 1 David Walser 2012-08-16 03:25:37 CEST 
Advisory notes:

The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).

The XTP dissector could go into an infinite loop (CVE-2012-4288).

The AFP dissector could go into a large loop (CVE-2012-4289).

The RTPS2 dissector could overflow a buffer (CVE-2012-4296).

The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).
Note: this issue, also known as wnpa-sec-2012-19, only affects Mageia 2.

The CIP dissector could exhaust system memory (CVE-2012-4291).

The STUN dissector could crash (CVE-2012-4292).

The EtherCAT Mailbox dissector could abort (CVE-2012-4293).

The CTDB dissector could go into a large loop (CVE-2012-4290).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4297
http://www.wireshark.org/security/wnpa-sec-2012-13.html
http://www.wireshark.org/security/wnpa-sec-2012-15.html
http://www.wireshark.org/security/wnpa-sec-2012-17.html
http://www.wireshark.org/security/wnpa-sec-2012-18.html
http://www.wireshark.org/security/wnpa-sec-2012-19.html
http://www.wireshark.org/security/wnpa-sec-2012-20.html
http://www.wireshark.org/security/wnpa-sec-2012-21.html
http://www.wireshark.org/security/wnpa-sec-2012-22.html
http://www.wireshark.org/security/wnpa-sec-2012-23.html
http://www.wireshark.org/docs/relnotes/wireshark-1.4.15.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html
http://www.wireshark.org/news/20120815.html
Comment 2 David Walser 2012-08-16 04:00:25 CEST 
Updated package uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).

The XTP dissector could go into an infinite loop (CVE-2012-4288).

The AFP dissector could go into a large loop (CVE-2012-4289).

The RTPS2 dissector could overflow a buffer (CVE-2012-4296).

The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).
Note: this issue, also known as wnpa-sec-2012-19, only affects Mageia 2.

The CIP dissector could exhaust system memory (CVE-2012-4291).

The STUN dissector could crash (CVE-2012-4292).

The EtherCAT Mailbox dissector could abort (CVE-2012-4293).

The CTDB dissector could go into a large loop (CVE-2012-4290).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4297
http://www.wireshark.org/security/wnpa-sec-2012-13.html
http://www.wireshark.org/security/wnpa-sec-2012-15.html
http://www.wireshark.org/security/wnpa-sec-2012-17.html
http://www.wireshark.org/security/wnpa-sec-2012-18.html
http://www.wireshark.org/security/wnpa-sec-2012-19.html
http://www.wireshark.org/security/wnpa-sec-2012-20.html
http://www.wireshark.org/security/wnpa-sec-2012-21.html
http://www.wireshark.org/security/wnpa-sec-2012-22.html
http://www.wireshark.org/security/wnpa-sec-2012-23.html
http://www.wireshark.org/docs/relnotes/wireshark-1.4.15.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html
http://www.wireshark.org/news/20120815.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.4.15-1.mga1
libwireshark0-1.4.15-1.mga1
libwireshark-devel-1.4.15-1.mga1
wireshark-tools-1.4.15-1.mga1
tshark-1.4.15-1.mga1
rawshark-1.4.15-1.mga1
dumpcap-1.4.15-1.mga1
wireshark-1.6.10-1.mga2
libwireshark1-1.6.10-1.mga2
libwireshark-devel-1.6.10-1.mga2
wireshark-tools-1.6.10-1.mga2
tshark-1.6.10-1.mga2
rawshark-1.6.10-1.mga2
dumpcap-1.6.10-1.mga2

from SRPMS:
wireshark-1.4.15-1.mga1.src.rpm
wireshark-1.6.10-1.mga2.src.rpm

Hardware: i586 => All
Version: Cauldron => 2
Assignee: bugsquad => qa-bugs
Whiteboard: (none) => MGA1TOO

Comment 3 David Walser 2012-08-16 19:10:04 CEST 
Mandriva has issued an advisory for this today (August 16):
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:134
Comment 4 Samuel Verschelde 2012-08-17 23:13:30 CEST 
We've got a testing procedure for wireshark: https://wiki.mageia.org/en/QA_procedure:Wireshark

CC: (none) => stormi
Whiteboard: MGA1TOO => MGA1TOO has_procedure

Comment 5 Dave Hodgins 2012-08-18 02:06:58 CEST 
Created attachment 2656 [details]
Test files from the bug reports - testfiles.tgz

Test files from the bug reports, except wnpa-sec-2012-20 and
wnpa-sec-2012-23, which are not publicly accessible.

On Mageia 2 x86-64 Core Updates version, all of the capture files do
cause either crashes, or cause wireshark to stop responding, except the
emem.crash file from wnpa-sec-2012-19, which doesn't cause any problem
on my system.

I'll test the updates testing version shortly.
Comment 6 Dave Hodgins 2012-08-18 02:57:49 CEST 
Testing complete on Mageia 2 x86-64.  None of the available capture
files cause problems after updating.  I also went through the test
procedure, and the only problem I found was a problem with the test
procedure, which I've fixed (removed the -v option from the randpkt
command, as it doesn't support that option, either in the Updates
version, or the Updates Testing version.

I'll test Mageia 2 i586 shortly.

CC: (none) => davidwhodgins
Whiteboard: MGA1TOO has_procedure => MGA1TOO has_procedure MGA2-64-OK

Comment 7 Dave Hodgins 2012-08-18 03:14:56 CEST 
Testing complete on Mageia 2 i586.  Same results as on x86-64.

I'll test Mageia 1 x86-64 shortly.

Whiteboard: MGA1TOO has_procedure MGA2-64-OK => MGA1TOO has_procedure MGA2-64-OK MGA2-32-OK

Comment 8 Dave Hodgins 2012-08-18 03:51:45 CEST 
Testing complete on Mageia 1 x86-64.  I'll test Mageia 1 i586 shortly.

Whiteboard: MGA1TOO has_procedure MGA2-64-OK MGA2-32-OK => MGA1TOO has_procedure MGA2-64-OK MGA2-32-OK MGA1-64-OK

Comment 9 Dave Hodgins 2012-08-18 04:23:08 CEST 
Testing complete on Mageia 1 i586.

Could someone from the sysadmin team push the srpm
wireshark-1.6.10-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpm
wireshark-1.4.15-1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Updated wireshark packages fix security vulnerabilities:

The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).

The XTP dissector could go into an infinite loop (CVE-2012-4288).

The AFP dissector could go into a large loop (CVE-2012-4289).

The RTPS2 dissector could overflow a buffer (CVE-2012-4296).

The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).
Note: this issue, also known as wnpa-sec-2012-19, only affects Mageia 2.

The CIP dissector could exhaust system memory (CVE-2012-4291).

The STUN dissector could crash (CVE-2012-4292).

The EtherCAT Mailbox dissector could abort (CVE-2012-4293).

The CTDB dissector could go into a large loop (CVE-2012-4290).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4297
http://www.wireshark.org/security/wnpa-sec-2012-13.html
http://www.wireshark.org/security/wnpa-sec-2012-15.html
http://www.wireshark.org/security/wnpa-sec-2012-17.html
http://www.wireshark.org/security/wnpa-sec-2012-18.html
http://www.wireshark.org/security/wnpa-sec-2012-19.html
http://www.wireshark.org/security/wnpa-sec-2012-20.html
http://www.wireshark.org/security/wnpa-sec-2012-21.html
http://www.wireshark.org/security/wnpa-sec-2012-22.html
http://www.wireshark.org/security/wnpa-sec-2012-23.html
http://www.wireshark.org/docs/relnotes/wireshark-1.4.15.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html
http://www.wireshark.org/news/20120815.html

https://bugs.mageia.org/show_bug.cgi?id=7075

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1TOO has_procedure MGA2-64-OK MGA2-32-OK MGA1-64-OK => MGA1TOO has_procedure MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK

Comment 10 Thomas Backlund 2012-08-18 12:42:13 CEST 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0226

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED