Upstream has released new versions today (January 7): https://www.wireshark.org/news/20150107.html Freeze push requested for Cauldron for 1.12.3. Updated package uploaded for Mageia 4. Advisory: ======================== Updated wireshark packages fix security vulnerabilities: The DEC DNA Routing Protocol dissector could crash (CVE-2015-0562). The SMTP dissector could crash (CVE-2015-0563). Wireshark could crash while decypting TLS/SSL sessions (CVE-2015-0564). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0564 https://www.wireshark.org/security/wnpa-sec-2015-03.html https://www.wireshark.org/security/wnpa-sec-2015-04.html https://www.wireshark.org/security/wnpa-sec-2015-05.html https://www.wireshark.org/docs/relnotes/wireshark-1.10.12.html https://www.wireshark.org/news/20150107.html ======================== Updated packages in core/updates_testing: ======================== wireshark-1.10.12-1.mga4 libwireshark3-1.10.12-1.mga4 libwiretap3-1.10.12-1.mga4 libwsutil3-1.10.12-1.mga4 libwireshark-devel-1.10.12-1.mga4 wireshark-tools-1.10.12-1.mga4 tshark-1.10.12-1.mga4 rawshark-1.10.12-1.mga4 dumpcap-1.10.12-1.mga4 from wireshark-1.10.12-1.mga4.src.rpm Reproducible: Steps to Reproduce:
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Wireshark
Whiteboard: (none) => has_procedure
I was able to open the PoC files from wnpa-sec-2015-03 and wnpa-sec-2015-04 and scroll though them in wireshark just fine, and run a capture. OK for Mageia 4 i586.
Whiteboard: has_procedure => has_procedure MGA4-32-OK
In Whiteboard: MGA4-64-OK In VirtualBox, M4, KDE, 64-bit Package(s) under test: wireshark lib64wireshark3 default install of wireshark & lib64wireshark3 [root@localhost wilcal]# urpmi wireshark Package wireshark-1.10.11-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64wireshark3 Package lib64wireshark3-1.10.11-1.mga4.x86_64 is already installed Running wireshark as root I can capture and save to a file all the traffic on enp0s3. And then open that previously created file and review the data. install wireshark from updates_testing [root@localhost wilcal]# urpmi wireshark Package wireshark-1.10.12-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64wireshark3 Package lib64wireshark3-1.10.12-1.mga4.x86_64 is already installed Running wireshark as root I can capture and save to a different file all the traffic on enp0s3. And then read any previously captured data. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver VirtualBox 4.3.6-1.mga4.x86_64.rpm
CC: (none) => wilcal.int
This update works fine. Testing complete for mga4 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push this to updates. Thanks
Keywords: (none) => validated_updateWhiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OKCC: (none) => sysadmin-bugs
Advisory uploaded. First 2015 CVE's.
Whiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure advisory MGA4-32-OK MGA4-64-OK
The first for us, but they're already at 500+?! That will be a busy year :-)
CC: (none) => remi
(In reply to Rémi Verschelde from comment #6) > The first for us, but they're already at 500+?! That will be a busy year :-) No, that's not how it works. They're allocated in blocks and different organizations assign ones from different blocks. MITRE started theirs at 0500, someone else owns 0001+.
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0019.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/629244/
This also fixed CVE-2015-0559, CVE-2015-0560, and CVE-2015-0561 that were fixed in 1.12.3. Upstream failed to list them in the 1.10.12 release notes. https://www.wireshark.org/security/wnpa-sec-2015-01.html https://www.wireshark.org/security/wnpa-sec-2015-02.html LWN reference: http://lwn.net/Vulnerabilities/630471/