Wireshark has issued new releases on May 17: http://www.wireshark.org/news/20130517.html
The new versions are in SVN.
Whiteboard: (none) => MGA3TOO, MGA2TOO
Can't reproduce this with wireshark-1.6.14-1.mga2: http://www.wireshark.org/security/wnpa-sec-2013-25.html
CC: (none) => oe
CVEs have now been assigned for the issues fixed herein: http://openwall.com/lists/oss-security/2013/05/20/7
Updated packages uploaded for Mageia 2, Mageia 3, and Cauldron.

Advisory (Mageia 3):
========================

Updated wireshark packages fix security vulnerabilities:

The RELOAD dissector could go into an infinite loop (CVE-2013-2486, CVE-2013-2487).

The GTPv2 dissector could crash (CVE-2013-3555).

The ASN.1 BER dissector could crash (CVE-2013-3557).

The PPP CCP dissector could crash (CVE-2013-3558).

The DCP ETSI dissector could crash (CVE-2013-3559).

The MPEG DSM-CC dissector could crash (CVE-2013-3560).

The Websocket dissector could crash.

The MySQL dissector could go into an infinite loop.

The ETCH dissector could go into a large loop (CVE-2013-3561, CVE-2013-3562).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3560
http://www.wireshark.org/security/wnpa-sec-2013-23.html
http://www.wireshark.org/security/wnpa-sec-2013-24.html
http://www.wireshark.org/security/wnpa-sec-2013-25.html
http://www.wireshark.org/security/wnpa-sec-2013-26.html
http://www.wireshark.org/security/wnpa-sec-2013-27.html
http://www.wireshark.org/security/wnpa-sec-2013-28.html
http://www.wireshark.org/security/wnpa-sec-2013-29.html
http://www.wireshark.org/security/wnpa-sec-2013-30.html
http://www.wireshark.org/security/wnpa-sec-2013-31.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.7.html
http://www.wireshark.org/news/20130517.html
http://openwall.com/lists/oss-security/2013/05/20/7
========================

Updated packages in core/updates_testing:
========================
wireshark-1.8.7-1.mga3
libwireshark2-1.8.7-1.mga3
libwireshark-devel-1.8.7-1.mga3
wireshark-tools-1.8.7-1.mga3
tshark-1.8.7-1.mga3
rawshark-1.8.7-1.mga3
dumpcap-1.8.7-1.mga3

from wireshark-1.8.7-1.mga3.src.rpm

Advisory (Mageia 2):
========================

Updated wireshark packages fix security vulnerability:

The ASN.1 BER dissector could crash (CVE-2013-3557).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3557
http://www.wireshark.org/security/wnpa-sec-2013-25.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html
http://www.wireshark.org/news/20130517.html
http://openwall.com/lists/oss-security/2013/05/20/7
========================

Updated packages in core/updates_testing:
========================
wireshark-1.6.15-1.mga2
libwireshark1-1.6.15-1.mga2
libwireshark-devel-1.6.15-1.mga2
wireshark-tools-1.6.15-1.mga2
tshark-1.6.15-1.mga2
rawshark-1.6.15-1.mga2
dumpcap-1.6.15-1.mga2

from wireshark-1.6.15-1.mga2.src.rpm
Version: Cauldron => 3
Assignee: bugsquad => qa-bugs
Whiteboard: MGA3TOO, MGA2TOO => MGA2TOO
PoCs attached to the following bugs:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8493
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8638
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8540
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8541
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8481
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8499
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8458
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8464
For Mga2 the only PoC is attached to https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8599
Testing complete mga2 32

The pcap file doesn't cause any obvious issues in our wireshark.

Created a wireshark capture as root and saved it, then opened it again.
Whiteboard: MGA2TOO => MGA2TOO has_procedure mga2-32-ok
Testing complete mga2 64
Whiteboard: MGA2TOO has_procedure mga2-32-ok => MGA2TOO has_procedure mga2-32-ok mga2-64-ok
Testing mga3 64 using a variety of the PoCs.

Some crash, some cause max CPU usage. After update all open normally.

When opened as root to make a capture there is a Lua error.

Lua: Error during loading: [string "/usr/share/wireshark/init.lua"]:45: Wireshark is running as root, this is dangerous. The lua function dofile has been disabled, because it is potentially harmful when running as root

It does open and does capture OK though afterwards, with the standard wireshark run-as-root warning message after that.
Whiteboard: MGA2TOO has_procedure mga2-32-ok mga2-64-ok => MGA2TOO feedback has_procedure mga2-32-ok mga2-64-ok
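The check described in the comment above (PoC captures that crash or pin the CPU before the update and open normally after it) can be scripted. This is an added example, not part of the original thread or Mageia's QA tooling; the DISSECT_CMD and LIMIT variables and the function names are assumptions of this sketch, and it relies on GNU timeout(1).

```sh
#!/bin/sh
# Added example: classify how a dissector run ends for each capture file.
# DISSECT_CMD and LIMIT are assumptions of this sketch, overridable from
# the environment; the default reads a capture file with tshark.
DISSECT_CMD=${DISSECT_CMD:-"tshark -r"}
LIMIT=${LIMIT:-30}   # seconds before a run is counted as a hang

# Map an exit status to a verdict.
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo ok
    elif [ "$1" -eq 124 ]; then
        echo hang      # GNU timeout(1) expired: infinite or very large loop
    elif [ "$1" -gt 128 ]; then
        echo crash     # terminated by a signal (e.g. 139 = SIGSEGV)
    else
        echo error     # ordinary failure, such as an unreadable file
    fi
}

# Dissect one capture under a time limit and print the verdict.
check_capture() {
    status=0
    # DISSECT_CMD is left unquoted on purpose so its options are split.
    timeout "$LIMIT" $DISSECT_CMD "$1" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Check every capture given; return non-zero if any verdict is not "ok".
check_all() {
    failed=0
    for capture in "$@"; do
        verdict=$(check_capture "$capture")
        printf '%s\t%s\n' "$verdict" "$capture"
        [ "$verdict" = ok ] || failed=1
    done
    return "$failed"
}

# When called with capture files as arguments, check them all.
[ "$#" -eq 0 ] || check_all "$@"
```

Running it over the same set of captures before and after installing the update gives a per-file verdict that can be diffed.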
This is the same on i586, and it seems wireshark now needs users to be added to the 'wireshark' group instead of being run as root.

When the wireshark group is added to the user and then logged out/in again, wireshark operates normally and captures can be made by regular users.

So, testing complete mga3 32 & 64

Validating

Advisory and SRPMs for mga2 and 3 in comment 4

Could sysadmin please push from 2 & 3 core/updates_testing to core/updates

Thanks!
Keywords: (none) => validated_update
Whiteboard: MGA2TOO feedback has_procedure mga2-32-ok mga2-64-ok => MGA2TOO has_procedure mga2-32-ok mga2-64-ok mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs
Debian has issued an advisory for this on June 2: http://www.debian.org/security/2013/dsa-2700
URL: (none) => http://lwn.net/Vulnerabilities/552736/
Packages have been pushed to updates.
Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED
CC: boklm => (none)