Upstream has released version 1.12.6 on June 17: https://www.wireshark.org/news/20150617.html Right now that URL is showing a fail whale/shark (haha) and the 1.10.15 tarball (for the Mageia 4 update) is not available. I'm not sure if 1.10 is EOL already. The 1.12.6 update is checked into Cauldron SVN. It will need to be checked into Mageia 5 SVN once it is branched. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA5TOO, MGA4TOO
Only Mageia 5 (Wireshark 1.12.x) is affected, so there's no 1.10 update.
Whiteboard: MGA5TOO, MGA4TOO => MGA5TOO
Updated packages uploaded for Mageia 5 and Cauldron. Testing procedure: https://wiki.mageia.org/en/QA_procedure:Wireshark Advisory: ======================== Updated wireshark packages fix security vulnerabilities: WCCP dissector crash (wnpa-sec-2015-19). GSM DTAP dissector crash (wnpa-sec-2015-20). References: https://www.wireshark.org/security/wnpa-sec-2015-19.html https://www.wireshark.org/security/wnpa-sec-2015-20.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.6.html https://www.wireshark.org/news/20150617.html ======================== Updated packages in core/updates_testing: ======================== wireshark-1.12.6-1.mga5 libwireshark5-1.12.6-1.mga5 libwiretap4-1.12.6-1.mga5 libwsutil4-1.12.6-1.mga5 libfiletap0-1.12.6-1.mga5 libwireshark-devel-1.12.6-1.mga5 wireshark-tools-1.12.6-1.mga5 tshark-1.12.6-1.mga5 rawshark-1.12.6-1.mga5 dumpcap-1.12.6-1.mga5 from wireshark-1.12.6-1.mga5.src.rpm
Version: Cauldron => 5Assignee: bugsquad => qa-bugsWhiteboard: MGA5TOO => has_procedure
Debian has issued an advisory for this on June 23: https://www.debian.org/security/2015/dsa-3294 There are now CVEs. Advisory: ======================== Updated wireshark packages fix security vulnerabilities: WCCP dissector crash (CVE-2015-4651). GSM DTAP dissector crash (CVE-2015-4652). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4652 https://www.wireshark.org/security/wnpa-sec-2015-19.html https://www.wireshark.org/security/wnpa-sec-2015-20.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.6.html https://www.wireshark.org/news/20150617.html
URL: (none) => http://lwn.net/Vulnerabilities/649225/
I ran tshark -nVxr on the two pcap files attached to the upstream bugs and that ran with no problems. I also capture packets using dumpcap and decoded them using tshark. Mageia 5 i586.
Whiteboard: has_procedure => has_procedure MGA5-32-OK
Advisory committed to svn. Someone from the sysadmin team please push 16141.adv to updates.
Keywords: (none) => validated_updateWhiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK advisoryCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0264.html
Status: NEW => RESOLVEDResolution: (none) => FIXED