| Summary: | wireshark new releases 1.6.11 and 1.8.3 fix security issues | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, doktor5000, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | has_procedure MGA2-64-OK MGA2-32-OK | ||
| Source RPM: | wireshark-1.6.10-1.mga2.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2012-10-03 02:47:28 CEST
David Walser
2012-10-03 02:47:50 CEST
CC: (none) => doktor5000

For the Mageia 2 update, 1.6.11 only fixes one security issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5239
http://www.wireshark.org/security/wnpa-sec-2012-28.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.11.html

It's not immediately obvious whether Mageia 1 is affected as Wireshark 1.4 is no longer supported upstream.

Here's the code change for that vulnerability:
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-drda.c?r1=44749&r2=44748&pathrev=44749

It appears that code is a while loop, looping because "there may be multiple DRDA commands in one frame," but that same code in 1.4 does not run inside of a while loop (so maybe it doesn't support multiple DRDA commands in one frame). I doubt this vulnerability, which is that the while loop could be infinite, is present in 1.4 given that the while loop itself is not there. If there's a PoC to test we can confirm this, but it seems highly likely.

Whiteboard: MGA2TOO, MGA1TOO => MGA2TOO

Updated packages uploaded for Mageia 2 and Cauldron.

Advisory:
========================

Updated wireshark packages fix security vulnerability:

Martin Wilck discovered an infinite loop in the DRDA dissector (CVE-2012-5239).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5239
http://www.wireshark.org/security/wnpa-sec-2012-28.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.11.html
http://www.wireshark.org/news/20121002.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.6.11-1.mga2
libwireshark1-1.6.11-1.mga2
libwireshark-devel-1.6.11-1.mga2
wireshark-tools-1.6.11-1.mga2
tshark-1.6.11-1.mga2
rawshark-1.6.11-1.mga2
dumpcap-1.6.11-1.mga2

from wireshark-1.6.11-1.mga2.src.rpm

Version: Cauldron => 2

PoC: attached to this bug
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666

There are also instructions in the bug report, just open the capture file with wireshark or tshark -r

Whiteboard: (none) => has_procedure
claire robinson
2012-10-03 09:55:12 CEST
Hardware: i586 => All

Testing complete on Mageia 2 x86-64 and i586.

Thanks for the PoC Claire. I've also confirmed that Mageia 1 is not affected.

Could someone from the sysadmin team push the srpm wireshark-1.6.11-1.mga2.src.rpm from Core Updates Testing to Core Updates.

Advisory:

Updated wireshark packages fix security vulnerability:

Martin Wilck discovered an infinite loop in the DRDA dissector (CVE-2012-5239).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5239
http://www.wireshark.org/security/wnpa-sec-2012-28.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.11.html
http://www.wireshark.org/news/20121002.html

https://bugs.mageia.org/show_bug.cgi?id=7681

Keywords: (none) => validated_update

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0284

Status: NEW => RESOLVED

The CVE has been updated to say that it is a duplicate of CVE-2012-3548:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3548

This was also noted by LWN, who posted our advisory:
http://lwn.net/Vulnerabilities/518920/

Could we update the advisory on the wiki and replace the CVE reference?
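
The "multiple commands in one frame" while loop discussed earlier in this report, as a simplified model in C showing how a length-driven loop can stop making progress and how a bounds check prevents it. This is an added example, not Wireshark's code or its actual fix; the 2-byte big-endian length prefix, the 10-byte minimum command size, the function names and both sample frames are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define HDR_LEN ((size_t)10)  /* assumed minimum size of one command */

/* Constructed sample frames: two 10-byte commands each; only the assumed
 * 2-byte big-endian length prefix of each command is filled in. */
const uint8_t good_frame[20] = {0x00, 0x0a, 0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x0a};
const uint8_t bad_frame[20]  = {0x00, 0x0a, 0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x00};

static size_t cmd_len(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Naive loop: advances by whatever the length field says. max_steps exists
 * only so the demo terminates; -1 means the loop was still spinning. */
int walk_naive(const uint8_t *buf, size_t n, int max_steps)
{
    size_t off = 0;
    int count = 0;
    while (off <= n && n - off >= HDR_LEN) {
        if (count == max_steps)
            return -1;
        off += cmd_len(buf + off);  /* a length of 0 leaves off unchanged */
        count++;
    }
    return count;
}

/* Hardened loop: every iteration must consume at least one full header and
 * stay inside the frame; otherwise the frame is reported as malformed (-1). */
int walk_checked(const uint8_t *buf, size_t n)
{
    size_t off = 0;
    int count = 0;
    while (n - off >= HDR_LEN) {
        size_t len = cmd_len(buf + off);
        if (len < HDR_LEN || len > n - off)
            return -1;
        off += len;
        count++;
    }
    return count;
}

int main(void)
{
    printf("naive bad=%d checked bad=%d\n",
           walk_naive(bad_frame, 20, 1000), walk_checked(bad_frame, 20));
    return 0;
}
```

When reviewing a dissector-style loop, the property to check is that every iteration either advances the offset by a validated amount or exits.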