Bug 11579 - wireshark new releases 1.8.11 and 1.10.3 fix security issues
Summary: wireshark new releases 1.8.11 and 1.10.3 fix security issues
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 3
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/572869/
Whiteboard: MGA2TOO has_procedure advisory mga2-3...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2013-11-02 05:31 CET by David Walser
Modified: 2013-11-22 20:26 CET (History)
3 users (show)

See Also:
Source RPM: wireshark-1.10.2-1.mga4.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2013-11-02 05:31:17 CET
Upstream has issued new versions on November 1:
http://www.wireshark.org/news/20131101.html

Reproducible: 

Steps to Reproduce:
David Walser 2013-11-02 05:31:45 CET

Whiteboard: (none) => MGA3TOO, MGA2TOO

Comment 1 Oden Eriksson 2013-11-04 16:09:39 CET
======================================================
Name: CVE-2013-6336
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6336
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20131031
Category: 
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ieee802154.c?r1=52036&r2=52035&pathrev=52036
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=52036
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-61.html
Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9139

The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c
in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and
1.10.x before 1.10.3 uses an incorrect pointer chain, which allows
remote attackers to cause a denial of service (application crash) via
a crafted packet.



======================================================
Name: CVE-2013-6337
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6337
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20131031
Category: 
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-62.html
Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9168

Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x
before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to
cause a denial of service (application crash) via a crafted packet.



======================================================
Name: CVE-2013-6338
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6338
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20131031
Category: 
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sip.c?r1=52354&r2=52353&pathrev=52354
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=52354
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-63.html
Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9228

The dissect_sip_common function in epan/dissectors/packet-sip.c in the
SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before
1.10.3 does not properly initialize a data structure, which allows
remote attackers to cause a denial of service (application crash) via
a crafted packet.



======================================================
Name: CVE-2013-6339
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6339
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20131031
Category: 
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-openwire.c?r1=52458&r2=52457&pathrev=52458
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-openwire.c?r1=52463&r2=52462&pathrev=52463
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=52458
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=52463
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-64.html
Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9248

The dissect_openwire_type function in
epan/dissectors/packet-openwire.c in the OpenWire dissector in
Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote
attackers to cause a denial of service (loop) via a crafted packet.



======================================================
Name: CVE-2013-6340
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6340
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20131031
Category: 
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-tcp.c?r1=52570&r2=52569&pathrev=52570
Reference: CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=52570
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-65.html
Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9263

epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x
before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the
amount of remaining data, which allows remote attackers to cause a
denial of service (application crash) via a crafted packet.

CC: (none) => oe

Comment 2 David Walser 2013-11-05 18:37:36 CET
wireshark-1.10.3-1.mga4 uploaded for Cauldron.

Version: Cauldron => 3
Whiteboard: MGA3TOO, MGA2TOO => MGA2TOO

Comment 3 David Walser 2013-11-05 19:25:53 CET
Updated packages uploaded for Mageia 2 and Mageia 3.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The IEEE 802.15.4 dissector could crash (CVE-2013-6336).

The NBAP dissector could crash (CVE-2013-6337).

The SIP dissector could crash (CVE-2013-6338).

The OpenWire dissector could go into a large loop (CVE-2013-6339).

The TCP dissector could crash (CVE-2013-6340).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6340
https://www.wireshark.org/security/wnpa-sec-2013-61.html
https://www.wireshark.org/security/wnpa-sec-2013-62.html
https://www.wireshark.org/security/wnpa-sec-2013-63.html
https://www.wireshark.org/security/wnpa-sec-2013-64.html
https://www.wireshark.org/security/wnpa-sec-2013-65.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.11.html
http://www.wireshark.org/news/20131101.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.8.11-1.mga2
libwireshark2-1.8.11-1.mga2
libwireshark-devel-1.8.11-1.mga2
wireshark-tools-1.8.11-1.mga2
tshark-1.8.11-1.mga2
rawshark-1.8.11-1.mga2
dumpcap-1.8.11-1.mga2
wireshark-1.8.11-1.mga3
libwireshark2-1.8.11-1.mga3
libwireshark-devel-1.8.11-1.mga3
wireshark-tools-1.8.11-1.mga3
tshark-1.8.11-1.mga3
rawshark-1.8.11-1.mga3
dumpcap-1.8.11-1.mga3

from SRPMS:
wireshark-1.8.11-1.mga2.src.rpm
wireshark-1.8.11-1.mga3.src.rpm

Assignee: bugsquad => qa-bugs

Comment 4 David Walser 2013-11-05 20:01:03 CET
Debian has issued an advisory for this on November 4:
http://www.debian.org/security/2013/dsa-2792

URL: (none) => http://lwn.net/Vulnerabilities/572869/

Comment 5 David Walser 2013-11-08 18:36:51 CET
LWN reference for CVE-2013-6339, missed in the Debian advisory:
http://lwn.net/Vulnerabilities/573329/
Comment 6 claire robinson 2013-11-19 10:49:23 CET
There are usually PoC's for wireshark, check the wireshark wnpa-sec links in the advisory.

Using wireshark differs between mga2 and 3. In mga2 it needs to be run as root.

In mga3 wireshark needs users to be added to 'wireshark' group instead of being run as root. When the wireshark group is added to the user and then logged out/in again wireshark operates normally and captures can be made by regular users.

Whiteboard: MGA2TOO => MGA2TOO has_procedure

Comment 7 claire robinson 2013-11-19 12:54:47 CET
Advisory uploaded. Please remove the 'advisory' whiteboard tag if anything changes.

Whiteboard: MGA2TOO has_procedure => MGA2TOO has_procedure advisory

Comment 8 claire robinson 2013-11-20 18:22:24 CET
Testing complete mga2 32 & 64

Just tested it could make a capture.

Whiteboard: MGA2TOO has_procedure advisory => MGA2TOO has_procedure advisory mga2-32-ok mga2-64-ok

Comment 9 claire robinson 2013-11-21 14:25:40 CET
Testing complete mga3 32 & 64

Validating

Could sysadmin please push from 2&3 core/updates_testing to updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: MGA2TOO has_procedure advisory mga2-32-ok mga2-64-ok => MGA2TOO has_procedure advisory mga2-32-ok mga2-64-ok mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs

Comment 10 Thomas Backlund 2013-11-22 20:26:31 CET
Update pushed:
http://advisories.mageia.org/MGASA-2013-0347.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.