Upstream has released new versions on November 12: https://www.wireshark.org/news/20141112.html Freeze push requested for Cauldron for 1.12.2. Updated packages uploaded for Mageia 3 and Mageia 4. Advisory: ======================== Updated wireshark packages fix security vulnerabilities: SigComp UDVM buffer overflow (CVE-2014-8710). AMQP crash (CVE-2014-8711). NCP crashes (CVE-2014-8712, CVE-2014-8713). TN5250 infinite loops (CVE-2014-8714). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8710 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8711 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8712 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8713 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8714 https://www.wireshark.org/security/wnpa-sec-2014-20.html https://www.wireshark.org/security/wnpa-sec-2014-21.html https://www.wireshark.org/security/wnpa-sec-2014-22.html https://www.wireshark.org/security/wnpa-sec-2014-23.html https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html https://www.wireshark.org/news/20141112.html ======================== Updated packages in core/updates_testing: ======================== wireshark-1.10.11-1.mga3 libwireshark3-1.10.11-1.mga3 libwiretap3-1.10.11-1.mga3 libwsutil3-1.10.11-1.mga3 libwireshark-devel-1.10.11-1.mga3 wireshark-tools-1.10.11-1.mga3 tshark-1.10.11-1.mga3 rawshark-1.10.11-1.mga3 dumpcap-1.10.11-1.mga3 wireshark-1.10.11-1.mga4 libwireshark3-1.10.11-1.mga4 libwiretap3-1.10.11-1.mga4 libwsutil3-1.10.11-1.mga4 libwireshark-devel-1.10.11-1.mga4 wireshark-tools-1.10.11-1.mga4 tshark-1.10.11-1.mga4 rawshark-1.10.11-1.mga4 dumpcap-1.10.11-1.mga4 from SRPMS: wireshark-1.10.11-1.mga3.src.rpm wireshark-1.10.11-1.mga4.src.rpm Reproducible: Steps to Reproduce:
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Wireshark
Whiteboard: (none) => MGA3TOO has_procedure
Ran a capture and looked at some packets. Analyzed the pcap PoC files from the wireshark.org bugs with tshark -nVxr and none of them crashed. Testing complete Mageia 3 i586 and Mageia 4 i586.
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK
Mageia 4 64-bit on AMD Phenom Quadcore. Wireshark starts normally and i can access all items, and a capture session works (started Firefox). However, there is a snag: the screen of the capture options extends below the screen resolution, so I can guess there are an OK and Cancel button hidden below, but there is no way I can see these. I have to guess and tab to hit the OK button.
CC: (none) => herman.viaene
Forgot: I can resize the width of the "capture options" window, but not its heigth.
This is a known bug in Wireshark (bug8907) and is reported to be fixed in their version 1.12.x
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA-64
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA-64 => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA-64-OK
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA-64-OK => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA4-64-OK
Validating, advisory uploaded.
Keywords: (none) => validated_updateWhiteboard: MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA4-64-OK => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA4-64-OK advisoryCC: (none) => remi, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0471.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/622618/