Upstream has released new versions today (March 4): https://www.wireshark.org/news/20150304.html Freeze push requested for Cauldron for 1.12.4. Updated package uploaded for Mageia 4. Advisory: ======================== Updated wireshark packages fix security vulnerabilities: The WCP dissector could crash (CVE-2015-2188). The pcapng file parser could crash (CVE-2015-2189). The TNEF dissector could go into an infinite loop (CVE-2015-2191). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2191 https://www.wireshark.org/security/wnpa-sec-2015-07.html https://www.wireshark.org/security/wnpa-sec-2015-08.html https://www.wireshark.org/security/wnpa-sec-2015-10.html https://www.wireshark.org/docs/relnotes/wireshark-1.10.13.html https://www.wireshark.org/news/20150304.html ======================== Updated packages in core/updates_testing: ======================== wireshark-1.10.13-1.mga4 libwireshark3-1.10.13-1.mga4 libwiretap3-1.10.13-1.mga4 libwsutil3-1.10.13-1.mga4 libwireshark-devel-1.10.13-1.mga4 wireshark-tools-1.10.13-1.mga4 tshark-1.10.13-1.mga4 rawshark-1.10.13-1.mga4 dumpcap-1.10.13-1.mga4 from wireshark-1.10.13-1.mga4.src.rpm Reproducible: Steps to Reproduce:
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Wireshark
Whiteboard: (none) => has_procedure
Version: Cauldron => 4
Opened the 3 PoC files and scrolled through all the packets in Wireshark, no issues. Did a capture and analysis, worked fine. Testing complete Mageia 4 i586.
Whiteboard: has_procedure => has_procedure MGA4-32-OK
OpenSuSE has issued an advisory for this today (March 13): http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html
URL: (none) => http://lwn.net/Vulnerabilities/636686/
In VirtualBox, M4, KDE, 64-bit Package(s) under test: wireshark lib64wireshark3 default install of wireshark & lib64wireshark3 [root@localhost wilcal]# urpmi wireshark Package wireshark-1.10.12-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64wireshark3 Package lib64wireshark3-1.10.12-1.mga4.x86_64 is already installed Running wireshark I can capture and save to a file all the traffic on enp0s3. And then open that previously created file and review the data. install wireshark from updates_testing [root@localhost wilcal]# urpmi wireshark Package wireshark-1.10.13-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64wireshark3 Package lib64wireshark3-1.10.13-1.mga4.x86_64 is already installed Running wireshark I can capture and save to a file all the traffic on enp0s3. And then open that previously created file and review the data. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver VirtualBox 4.3.6-1.mga4.x86_64.rpm
CC: (none) => wilcal.intWhiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OK
This update works fine. Testing complete for mga4 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push this to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
CC: (none) => davidwhodginsWhiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure MGA4-32-OK MGA4-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0117.html
Status: NEW => RESOLVEDResolution: (none) => FIXED