Upstream has released new versions on May 12: https://www.wireshark.org/news/20150512.html Freeze push requested for Cauldron for 1.12.5. Updated package uploaded for Mageia 4. Advisory: ======================== Updated wireshark packages fix security vulnerabilities: The WCP dissector could crash while decompressing data (CVE-2015-3811). The X11 dissector could leak memory (CVE-2015-3812). The IEEE 802.11 dissector could go into an infinite loop (CVE-2015-3814). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3811 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3814 https://www.wireshark.org/security/wnpa-sec-2015-14.html https://www.wireshark.org/security/wnpa-sec-2015-15.html https://www.wireshark.org/security/wnpa-sec-2015-17.html https://www.wireshark.org/docs/relnotes/wireshark-1.10.14.html https://www.wireshark.org/news/20150512.html ======================== Updated packages in core/updates_testing: ======================== wireshark-1.10.14-1.mga4 libwireshark3-1.10.14-1.mga4 libwiretap3-1.10.14-1.mga4 libwsutil3-1.10.14-1.mga4 libwireshark-devel-1.10.14-1.mga4 wireshark-tools-1.10.14-1.mga4 tshark-1.10.14-1.mga4 rawshark-1.10.14-1.mga4 dumpcap-1.10.14-1.mga4 from wireshark-1.10.14-1.mga4.src.rpm Reproducible: Steps to Reproduce:
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Wireshark
Whiteboard: (none) => has_procedure
I dissected the three PoC pcap files with tshark -nVxr and had no issues. Doing a capture and analysis with Wireshark works fine too. Testing complete Mageia 4 i586.
Whiteboard: has_procedure => has_procedure MGA4-32-OK
Works fine on x86-64 - my Acer Laptop.
CC: (none) => shlomifWhiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OK
Validating. Advisory uploaded. Please push to 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure advisory MGA4-32-OK MGA4-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0223.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/644512/