Upstream has issued new versions on November 1: http://www.wireshark.org/news/20131101.html
Whiteboard: (none) => MGA3TOO, MGA2TOO
======================================================
Name: CVE-2013-6336
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6336
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20131031
Category:
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ieee802154.c?r1=52036&r2=52035&pathrev=52036
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=52036
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-61.html
Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9139

The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

======================================================
Name: CVE-2013-6337
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6337
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20131031
Category:
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-62.html
Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9168

Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

======================================================
Name: CVE-2013-6338
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6338
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20131031
Category:
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sip.c?r1=52354&r2=52353&pathrev=52354
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=52354
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-63.html
Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9228

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

======================================================
Name: CVE-2013-6339
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6339
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20131031
Category:
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-openwire.c?r1=52458&r2=52457&pathrev=52458
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-openwire.c?r1=52463&r2=52462&pathrev=52463
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=52458
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=52463
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-64.html
Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9248

The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet.

======================================================
Name: CVE-2013-6340
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6340
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20131031
Category:
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-tcp.c?r1=52570&r2=52569&pathrev=52570
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=52570
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-65.html
Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9263

epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CC: (none) => oe
wireshark-1.10.3-1.mga4 uploaded for Cauldron.
Version: Cauldron => 3
Whiteboard: MGA3TOO, MGA2TOO => MGA2TOO

Updated packages uploaded for Mageia 2 and Mageia 3.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The IEEE 802.15.4 dissector could crash (CVE-2013-6336).

The NBAP dissector could crash (CVE-2013-6337).

The SIP dissector could crash (CVE-2013-6338).

The OpenWire dissector could go into a large loop (CVE-2013-6339).

The TCP dissector could crash (CVE-2013-6340).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6340
https://www.wireshark.org/security/wnpa-sec-2013-61.html
https://www.wireshark.org/security/wnpa-sec-2013-62.html
https://www.wireshark.org/security/wnpa-sec-2013-63.html
https://www.wireshark.org/security/wnpa-sec-2013-64.html
https://www.wireshark.org/security/wnpa-sec-2013-65.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.11.html
http://www.wireshark.org/news/20131101.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.8.11-1.mga2
libwireshark2-1.8.11-1.mga2
libwireshark-devel-1.8.11-1.mga2
wireshark-tools-1.8.11-1.mga2
tshark-1.8.11-1.mga2
rawshark-1.8.11-1.mga2
dumpcap-1.8.11-1.mga2
wireshark-1.8.11-1.mga3
libwireshark2-1.8.11-1.mga3
libwireshark-devel-1.8.11-1.mga3
wireshark-tools-1.8.11-1.mga3
tshark-1.8.11-1.mga3
rawshark-1.8.11-1.mga3
dumpcap-1.8.11-1.mga3

from SRPMS:
wireshark-1.8.11-1.mga2.src.rpm
wireshark-1.8.11-1.mga3.src.rpm
Assignee: bugsquad => qa-bugs
Debian has issued an advisory for this on November 4: http://www.debian.org/security/2013/dsa-2792
URL: (none) => http://lwn.net/Vulnerabilities/572869/
LWN reference for CVE-2013-6339, missed in the Debian advisory: http://lwn.net/Vulnerabilities/573329/
There are usually PoCs for wireshark; check the wireshark wnpa-sec links in the advisory.

Using wireshark differs between mga2 and 3. In mga2 it needs to be run as root. In mga3 wireshark needs users to be added to the 'wireshark' group instead of being run as root. When the wireshark group is added to the user and the user has logged out and in again, wireshark operates normally and captures can be made by regular users.
Whiteboard: MGA2TOO => MGA2TOO has_procedure
Advisory uploaded. Please remove the 'advisory' whiteboard tag if anything changes.
Whiteboard: MGA2TOO has_procedure => MGA2TOO has_procedure advisory
Testing complete mga2 32 & 64

Just tested it could make a capture.
Whiteboard: MGA2TOO has_procedure advisory => MGA2TOO has_procedure advisory mga2-32-ok mga2-64-ok
Testing complete mga3 32 & 64

Validating

Could sysadmin please push from 2&3 core/updates_testing to updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: MGA2TOO has_procedure advisory mga2-32-ok mga2-64-ok => MGA2TOO has_procedure advisory mga2-32-ok mga2-64-ok mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0347.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED