Upstream has released new versions on July 31:
http://www.wireshark.org/news/20140731.html

Wireshark 1.8.x (Mageia 3) is now end-of-life.

Based on the descriptions of the security issues fixed in 1.10.9:
http://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html

I believe I found the right parts of the diff from 1.10.8 to fix those issues in 1.8.15. Unfortunately Wireshark doesn't seem to be linking to the commits that fix issues in their Bugzilla anymore.

For three of the issues there are PCAP files that can be used to verify the fixes, but for wnpa-sec-2014-08 there are not. At the very least, this should confirm that 1.8.15 is likely to be affected by all of the security issues fixed in 1.10.9.
Updated packages uploaded for Mageia 4 and Cauldron.

Patched package uploaded for Mageia 3. Should we proceed with this update, or should we update Mageia 3 to 1.10.9 now?

Here is a preliminary advisory.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The Catapult DCT2000 and IrDA dissectors could underrun a buffer (CVE-2014-5161, CVE-2014-5162).

The GSM Management dissector could crash (CVE-2014-5163).

The RLC dissector could crash (CVE-2014-5164).

The ASN.1 BER dissector could crash (CVE-2014-5165).

The Mageia 4 package has been updated to version 1.10.9 to fix these issues and other bugs.

The Mageia 3 package has been patched to fix these issues.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5165
https://www.wireshark.org/security/wnpa-sec-2014-08.html
https://www.wireshark.org/security/wnpa-sec-2014-09.html
https://www.wireshark.org/security/wnpa-sec-2014-10.html
https://www.wireshark.org/security/wnpa-sec-2014-11.html
http://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html
http://www.wireshark.org/news/20140731.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.8.15-1.1.mga3
libwireshark2-1.8.15-1.1.mga3
libwireshark-devel-1.8.15-1.1.mga3
wireshark-tools-1.8.15-1.1.mga3
tshark-1.8.15-1.1.mga3
rawshark-1.8.15-1.1.mga3
dumpcap-1.8.15-1.1.mga3
wireshark-1.10.9-1.mga4
libwireshark3-1.10.9-1.mga4
libwiretap3-1.10.9-1.mga4
libwsutil3-1.10.9-1.mga4
libwireshark-devel-1.10.9-1.mga4
wireshark-tools-1.10.9-1.mga4
tshark-1.10.9-1.mga4
rawshark-1.10.9-1.mga4
dumpcap-1.10.9-1.mga4

from SRPMS:
wireshark-1.8.15-1.1.mga3.src.rpm
wireshark-1.10.9-1.mga4.src.rpm
CC: (none) => oe, qa-bugs
Whiteboard: (none) => MGA3TOO
If 1.12.0 builds and works on mga3, mga4 and cauldron use that version for the supported products.
(In reply to Oden Eriksson from comment #2)
> If 1.12.0 builds and works on mga3, mga4 and cauldron use that version for
> the supported products.

I imagine we'll have to update to 1.12.x at some point, but since it's the first release switching to the Qt GUI, I'd want that to get some testing first.

I'll upgrade Mageia 3 to 1.10.9 for now though. Thanks.
Mageia 3 updated to 1.10.9.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The Catapult DCT2000 and IrDA dissectors could underrun a buffer (CVE-2014-5161, CVE-2014-5162).

The GSM Management dissector could crash (CVE-2014-5163).

The RLC dissector could crash (CVE-2014-5164).

The ASN.1 BER dissector could crash (CVE-2014-5165).

The wireshark package has been updated to version 1.10.9 to fix these issues and other bugs.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5165
https://www.wireshark.org/security/wnpa-sec-2014-08.html
https://www.wireshark.org/security/wnpa-sec-2014-09.html
https://www.wireshark.org/security/wnpa-sec-2014-10.html
https://www.wireshark.org/security/wnpa-sec-2014-11.html
http://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html
http://www.wireshark.org/news/20140731.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.10.9-1.mga3
libwireshark3-1.10.9-1.mga3
libwiretap3-1.10.9-1.mga3
libwsutil3-1.10.9-1.mga3
libwireshark-devel-1.10.9-1.mga3
wireshark-tools-1.10.9-1.mga3
tshark-1.10.9-1.mga3
rawshark-1.10.9-1.mga3
dumpcap-1.10.9-1.mga3
wireshark-1.10.9-1.mga4
libwireshark3-1.10.9-1.mga4
libwiretap3-1.10.9-1.mga4
libwsutil3-1.10.9-1.mga4
libwireshark-devel-1.10.9-1.mga4
wireshark-tools-1.10.9-1.mga4
tshark-1.10.9-1.mga4
rawshark-1.10.9-1.mga4
dumpcap-1.10.9-1.mga4

from SRPMS:
wireshark-1.10.9-1.mga3.src.rpm
wireshark-1.10.9-1.mga4.src.rpm
CC: qa-bugs => (none)
Assignee: bugsquad => qa-bugs
Procedure: https://wiki.mageia.org/en/QA_procedure:Wireshark
CC: (none) => remi
Whiteboard: MGA3TOO => MGA3TOO has_procedure
Fedora has issued an advisory for this on August 1: https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136358.html
URL: (none) => http://lwn.net/Vulnerabilities/608200/
Testing complete Mageia 3 i586 and Mageia 4 i586. Captures work fine with wireshark, PoCs from upstream cause no crashes.
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK
Testing complete Mageia 4 x86_64 following the QA procedure on the wiki.

I just wonder about the use of wireshark (not really a QA question btw, but some of you might know the answer): it seems meant to be run as normal user, but if you do so no interfaces are available for capture. All interfaces are there when you run wireshark as root, but then you get notified of Lua errors raised by your use of the root account (dofile() is deactivated, etc.).

I understand that some configuration might be needed to make interfaces available to the normal user, and that our running of wireshark as root is just to speed up the testing process; still, shouldn't the "normal user" configuration be part of the RPM installation? Is it expected that the user should do all the configuration manually?
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA4-64-OK
Ok forget my comment, there are detailed explanations about this when installing the package:

>>>
Since Mageia 3 there are two ways of using Wireshark/Tshark:

1. Using dumpcap without allowing non-root users to capture packets

   Only root user will be able to capture packets. It is advised to capture packets with the bundled dumpcap program as root and then run Wireshark/Tshark as an ordinary user to analyze the captured logs. [2] This is the default.

2. Using dumpcap and allowing non-root users to capture packets

   Members of the wireshark group will be able to capture packets on network interfaces. This is the preferred way of installation if Wireshark/Tshark will be used for capturing and displaying packets at the same time, since that way only the dumpcap process has to be run with elevated privileges thanks to the privilege separation [1]. Note that no user will be added to group wireshark automatically, the system administrator has to add them manually.

[1] http://wiki.wireshark.org/Development/PrivilegeSeparation
[2] http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
<<<
Just two little issues, hardly blocking:
- The windows title of the wireshark GUI says "[Wireshark 1.10.9 (Git Rev Unknown from Unknown)]".
- Whenever I start "wireshark" in the terminal, I guess this output: "nl80211 not found." and then it starts.
(In reply to Rémi Verschelde from comment #8)
> Testing complete Mageia 4 x86_64 following the QA procedure on the wiki.

s/Mageia 4/Mageia 3/
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA4-64-OK => MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK MGA4-32-OK
Advisory uploaded.
Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK MGA4-32-OK => MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK MGA4-32-OK advisory
CC: (none) => sysadmin-bugs
(In reply to Rémi Verschelde from comment #10)
> Just two little issues, hardly blocking:
> - The windows title of the wireshark GUI says "[Wireshark 1.10.9 (Git Rev
> Unknown from Unknown)]".

Maybe because it's a stable release and not a snapshot? Not sure.

> - Whenever I start "wireshark" in the terminal, I guess this output:
> "nl80211 not found." and then it starts.

Hmm, yeah I got that on Mageia 3 (not Mageia 4). Did some looking around and can't find an apparent reason for it. Maybe an issue with older libnl3 or kernel versions.
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0326.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED