Upstream has released new versions on April 22:
http://www.wireshark.org/news/20140422.html

Updated packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The RTP dissector could crash (CVE-2014-2907).

This update provides Wireshark version 1.10.7, which fixes this security issue, as well as several other bugs.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2907
https://www.wireshark.org/security/wnpa-sec-2014-06.html
http://www.wireshark.org/docs/relnotes/wireshark-1.10.7.html
http://www.wireshark.org/news/20140422.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.10.7-1.mga4
libwireshark3-1.10.7-1.mga4
libwiretap3-1.10.7-1.mga4
libwsutil3-1.10.7-1.mga4
libwireshark-devel-1.10.7-1.mga4
wireshark-tools-1.10.7-1.mga4
tshark-1.10.7-1.mga4
rawshark-1.10.7-1.mga4
dumpcap-1.10.7-1.mga4

from wireshark-1.10.7-1.mga4.src.rpm
In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
wireshark

default install of wireshark

[root@localhost ~]# urpmi wireshark
Package wireshark-1.10.6-1.mga4.i586 is already installed

Running wireshark as root I can capture and save to a file all the traffic on enp0s3.

install wireshark from updates_testing

[root@localhost ~]# urpmi wireshark
Package wireshark-1.10.7-1.mga4.i586 is already installed

Running wireshark as root I can capture and save to a different file all the traffic on enp0s3.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
VirtualBox 4.3.6-1.mga4.x86_64.rpm
CC: (none) => wilcal.int
Whiteboard: (none) => MGA4-32-OK
Note that it'd be good if you could test the PoC for the security issue, attached here: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885
(In reply to David Walser from comment #2)
> Note that it'd be good if you could test the PoC for the security issue,
> attached here:
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885

"crash occurs during a g_hash table lookup for dynamic payload" sounds like technical gibberish to me. How can we test for this?
Don't worry about the technical details, just open the .pcap file in Wireshark, which should crash at that point in the old version, and not crash in the update.
(In reply to David Walser from comment #4)
> Don't worry about the technical details, just open the .pcap file in
> Wireshark, which should crash at that point in the old version, and not
> crash in the update.

Tell me exactly how to "open" a .pcap file.
In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
wireshark

default install of wireshark

[root@localhost ~]# urpmi wireshark
Package wireshark-1.10.6-1.mga4.x86_64 is already installed

Running wireshark as root I can capture and save to a file all the traffic on enp0s3.

install wireshark from updates_testing

[root@localhost ~]# urpmi wireshark
Package wireshark-1.10.7-1.mga4.x86_64 is already installed

Running wireshark as root I can capture and save to a different file all the traffic on enp0s3.
Saved files ( .pcap ) open successfully in wireshark.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
VirtualBox 4.3.6-1.mga4.x86_64.rpm
(In reply to William Kenney from comment #5)
> Tell me exactly how to "open" a .pcap file

File, Open...
For me this update works fine. I have successfully opened all four saved files in the updated wireshark.

Testing complete for mga4 32-bit & 64-bit.

Sound good to you?
Did you open the file attached to the link in Comment 2?
(In reply to David Walser from comment #9)
> Did you open the file attached to the link in Comment 2?

Yes but I saw this as closed and fixed.
I've now opened, using wireshark, all the saved files
with the updated wireshark. Otherwise I'm gonna have
to go back and restart all over, confirm the crash,
update and retest.
(In reply to William Kenney from comment #10)
> (In reply to David Walser from comment #9)
> > Did you open the file attached to the link in Comment 2?
>
> Yes but I saw this as closed and fixed.
> I've now opened, using wireshark, all the saved files
> with the updated wireshark. Otherwise I'm gonna have
> to go back and restart all over, confirm the crash,
> update and retest.

Yes, it was marked as fixed on the upstream bugzilla, but it's good to confirm that it actually is fixed. Once we found one that hadn't actually been fully correctly fixed (sometimes there can be some differences on different systems due to libraries or compiler differences).

As long as the pcap file opens fine and doesn't crash Wireshark in the updated version, you can go ahead and validate this one. I don't see a need to confirm that it crashes the old version.
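
The check discussed in the comments above (open the capture in the updated build and confirm it does not crash) can also be scripted with tshark, which is one of the packages in this update. This is an added example, not part of the original bug report; the capture path is supplied by the tester, and the optional reader override is a hypothetical hook so the function can be exercised without tshark installed.

```shell
#!/bin/sh
# Added example: scripted form of the manual "open the capture, see if it crashes" check.
# Assumption: tshark is on PATH; the capture file path comes from the tester.

# Map a process exit status to ok / error / crash:<signal number>.
# A status above 128 means the process was killed by a signal (139 = SIGSEGV),
# which separates "the dissector crashed" from "the file could not be read".
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo ok
    elif [ "$1" -gt 128 ]; then
        echo "crash:$(($1 - 128))"
    else
        echo error
    fi
}

# check_capture FILE [READER ...]
# Runs READER on FILE (default: tshark -r), discards the dissection output,
# prints the classification and returns 0 only when the reader exited cleanly.
# The READER override is hypothetical glue for testing the function itself.
check_capture() {
    file=$1
    shift
    [ $# -gt 0 ] || set -- tshark -r
    if [ ! -r "$file" ]; then
        echo unreadable
        return 2
    fi
    status=0
    "$@" "$file" >/dev/null 2>&1 || status=$?
    result=$(classify_status "$status")
    echo "$result"
    [ "$result" = ok ]
}

# Usage: sh check_capture.sh capture.pcap [more.pcap ...]
for capture in "$@"; do
    printf '%s: ' "$capture"
    check_capture "$capture" || true
done
```

Running it once with the installed package and once after installing from updates_testing gives a per-file record of whether the reader exited cleanly, failed normally, or was killed by a signal.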
For me this update works fine.
Testing complete for mga4 32-bit & 64-bit
Validating the update.
This one's good to go.
Could someone from the sysadmin team push this to updates.
Thanks David.
Keywords: (none) => validated_update
Whiteboard: MGA4-32-OK => MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs
Advisory added.
Whiteboard: MGA4-32-OK MGA4-64-OK => advisory MGA4-32-OK MGA4-64-OK
URL: (none) => http://lwn.net/Vulnerabilities/596236/
Update pushed: http://advisories.mageia.org/MGASA-2014-0195.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED