Bug 8239

Summary: wireshark new releases 1.6.11 and 1.8.4 fix security issues
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: Normal
CC: davidwhodgins, doktor5000, sysadmin-bugs, tmb
Version: 2
Keywords: validated_update
Target Milestone: ---
Hardware: i586
OS: Linux
URL: http://www.wireshark.org/news/20121128.html
Whiteboard: has_procedure mga2-64-OK mga2-32-OK
Source RPM: wireshark-1.6.11-1.mga2.src.rpm
CVE:
Status comment:

Description David Walser 2012-11-29 04:51:51 CET
Announced today (November 28):
http://www.wireshark.org/news/20121128.html

Updated packages uploaded for Mageia 2 and Cauldron.

Curiously, no CVEs mentioned in the upstream advisories this time.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The USB dissector could go into an infinite loop. (wnpa-sec-2012-31)

The ISAKMP dissector could crash. (wnpa-sec-2012-35)

The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36)

The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37)

The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38)

The ICMPv6 dissector could go into an infinite loop. (wnpa-sec-2012-40)

References:
http://www.wireshark.org/security/wnpa-sec-2012-31.html
http://www.wireshark.org/security/wnpa-sec-2012-35.html
http://www.wireshark.org/security/wnpa-sec-2012-36.html
http://www.wireshark.org/security/wnpa-sec-2012-37.html
http://www.wireshark.org/security/wnpa-sec-2012-38.html
http://www.wireshark.org/security/wnpa-sec-2012-40.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.12.html
http://www.wireshark.org/news/20121128.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.6.12-1.mga2
libwireshark1-1.6.12-1.mga2
libwireshark-devel-1.6.12-1.mga2
wireshark-tools-1.6.12-1.mga2
tshark-1.6.12-1.mga2
rawshark-1.6.12-1.mga2
dumpcap-1.6.12-1.mga2

from wireshark-1.6.12-1.mga2.src.rpm

David Walser 2012-11-29 04:52:34 CET

CC: (none) => doktor5000

Comment 1 claire robinson 2012-11-29 12:38:45 CET
https://wiki.mageia.org/en/QA_procedure:Wireshark

Whiteboard: (none) => has_procedure

Comment 2 claire robinson 2012-11-29 12:59:54 CET
Testing complete mga2 64

Created a capture as root and used it with the tests in the procedure.

Whiteboard: has_procedure => has_procedure mga2-64-OK

Comment 3 Dave Hodgins 2012-11-29 23:35:29 CET
Testing complete on Mageia 2 i586 and x86-64, using the capture
files from the bug reports.

Before updating, one caused a segfault, one did not cause any problems,
the other 4 caused wireshark to go into a loop.

After updating, they all display correctly.

Could someone from the sysadmin team push the srpm
wireshark-1.6.12-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Updated wireshark packages fix security vulnerabilities:

The USB dissector could go into an infinite loop. (wnpa-sec-2012-31)

The ISAKMP dissector could crash. (wnpa-sec-2012-35)

The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36)

The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37)

The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38)

The ICMPv6 dissector could go into an infinite loop. (wnpa-sec-2012-40)

References:
http://www.wireshark.org/security/wnpa-sec-2012-31.html
http://www.wireshark.org/security/wnpa-sec-2012-35.html
http://www.wireshark.org/security/wnpa-sec-2012-36.html
http://www.wireshark.org/security/wnpa-sec-2012-37.html
http://www.wireshark.org/security/wnpa-sec-2012-38.html
http://www.wireshark.org/security/wnpa-sec-2012-40.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.12.html
http://www.wireshark.org/news/20121128.html

https://bugs.mageia.org/show_bug.cgi?id=8239

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: has_procedure mga2-64-OK => has_procedure mga2-64-OK mga2-32-OK

Comment 4 Thomas Backlund 2012-11-30 23:24:32 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0348

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED