Upstream has released version 1.12.8 today (October 14): https://www.wireshark.org/news/20151014.html Updated package uploaded for Mageia 5. Advisory: ======================== Updated wireshark packages fix security vulnerabilities: In Wireshark before 1.12.8, the pcapng file parser could crash while copying an interface filter. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file (CVE-2015-7830). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7830 https://www.wireshark.org/security/wnpa-sec-2015-30.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.8.html https://www.wireshark.org/news/20151014.html ======================== Updated packages in core/updates_testing: ======================== wireshark-1.12.8-1.mga5 wireshark-common-1.12.8-1.mga5 wireshark-gtk-1.12.8-1.mga5 libwireshark5-1.12.8-1.mga5 libwiretap4-1.12.8-1.mga5 libwsutil4-1.12.8-1.mga5 libfiletap0-1.12.8-1.mga5 libwireshark-devel-1.12.8-1.mga5 wireshark-tools-1.12.8-1.mga5 tshark-1.12.8-1.mga5 rawshark-1.12.8-1.mga5 dumpcap-1.12.8-1.mga5 from wireshark-1.12.8-1.mga5.src.rpm Reproducible: Steps to Reproduce:
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Wireshark Also, for the PoC here: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11455 tshark -r id:000001,sig:11,src:000000,op:flip1,pos:160 gives: 1 0.000000000 -> UNKNOWN 73 WTAP_ENCAP = 0 2 0.104258420 -> UNKNOWN 246 WTAP_ENCAP = 0 Segmentation fault
Whiteboard: (none) => has_procedure
No more segfault with the PoC after the update, and capture and analysis with Wireshark works fine. Mageia 5 i586.
Whiteboard: has_procedure => has_procedure MGA5-32-OK
Testing complete mga5 64 Before ------ $ tshark -r id_000001,sig_11,src_000000,op_flip1,pos_160.bin 1 0.000000000 -> UNKNOWN 73 WTAP_ENCAP = 0 2 0.104258420 -> UNKNOWN 246 WTAP_ENCAP = 0 Segmentation fault After ----- $ tshark -r id_000001,sig_11,src_000000,op_flip1,pos_160.bin 1 0.000000000 -> UNKNOWN 73 WTAP_ENCAP = 0 2 0.104258420 -> UNKNOWN 246 WTAP_ENCAP = 0 Validating. Advisory to upload.
Keywords: (none) => validated_updateWhiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK mga5-64-okCC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: has_procedure MGA5-32-OK mga5-64-ok => has_procedure advisory MGA5-32-OK mga5-64-ok
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0403.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/661059/