Upstream has released new versions on June 12: http://www.wireshark.org/news/20140612.html Updated packages uploaded for Mageia 4 and Cauldron. Advisory: ======================== Updated wireshark packages fix security vulnerabilities: The frame metadissector could crash (CVE-2014-4020). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4020 https://www.wireshark.org/security/wnpa-sec-2014-07.html http://www.wireshark.org/docs/relnotes/wireshark-1.10.8.html http://www.wireshark.org/news/20140612.html ======================== Updated packages in core/updates_testing: ======================== wireshark-1.10.8-1.mga4 libwireshark3-1.10.8-1.mga4 libwiretap3-1.10.8-1.mga4 libwsutil3-1.10.8-1.mga4 libwireshark-devel-1.10.8-1.mga4 wireshark-tools-1.10.8-1.mga4 tshark-1.10.8-1.mga4 rawshark-1.10.8-1.mga4 dumpcap-1.10.8-1.mga4 from wireshark-1.10.8-1.mga4.src.rpm Reproducible: Steps to Reproduce:
I tested the pcap files on the two referenced upstream bugs. I could reproduce the assertion error in the first one, though it didn't cause a crash. I couldn't reproduce the error in the second one. With the update, the assertion error in the first one is gone, and both pcaps load fine. A packet capture also works fine. Tested on i586 in a VMWare VM.
Claire gave me the OK to add the whiteboard marker. Adding now.
Whiteboard: (none) => MGA4-32-OK
same tests under x86_64 ok
CC: (none) => makowski.mageiaWhiteboard: MGA4-32-OK => MGA4-32-OK MGA4-64-OK
Thanks both. Validating. Advisory uploaded. Could sysadmin please push to 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA4-32-OK MGA4-64-OK => advisory MGA4-32-OK MGA4-64-OKCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0264.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/602884/