Upstream has released new versions on February 26:
https://www.wireshark.org/news/20160226.html

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

ASN.1 BER dissector crash (CVE-2016-2522).
DNP dissector infinite loop (CVE-2016-2523).
X.509AF dissector crash (CVE-2016-2524).
HTTP/2 dissector crash (CVE-2016-2525).
HiQnet dissector crash (CVE-2016-2526).
3GPP TS 32.423 Trace file parser crash (CVE-2016-2527).
LBMC dissector crash (CVE-2016-2528).
iSeries file parser crash (CVE-2016-2529).
RSL dissector crash (CVE-2016-2530, CVE-2016-2531).
LLRP dissector crash (CVE-2016-2532).

The wireshark package has been updated to version 2.0.2, fixing these issues as well as other dissector crashes, a dissector loop issue, another file parser crash, and several other bugs. See the upstream release notes for details.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2532
https://www.wireshark.org/security/wnpa-sec-2016-02.html
https://www.wireshark.org/security/wnpa-sec-2016-03.html
https://www.wireshark.org/security/wnpa-sec-2016-04.html
https://www.wireshark.org/security/wnpa-sec-2016-05.html
https://www.wireshark.org/security/wnpa-sec-2016-06.html
https://www.wireshark.org/security/wnpa-sec-2016-07.html
https://www.wireshark.org/security/wnpa-sec-2016-08.html
https://www.wireshark.org/security/wnpa-sec-2016-09.html
https://www.wireshark.org/security/wnpa-sec-2016-10.html
https://www.wireshark.org/security/wnpa-sec-2016-11.html
https://www.wireshark.org/security/wnpa-sec-2016-12.html
https://www.wireshark.org/security/wnpa-sec-2016-13.html
https://www.wireshark.org/security/wnpa-sec-2016-14.html
https://www.wireshark.org/security/wnpa-sec-2016-15.html
https://www.wireshark.org/security/wnpa-sec-2016-16.html
https://www.wireshark.org/security/wnpa-sec-2016-17.html
https://www.wireshark.org/security/wnpa-sec-2016-18.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.2.html
https://www.wireshark.org/news/20160226.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.0.2-1.mga5
libwireshark6-2.0.2-1.mga5
libwiretap5-2.0.2-1.mga5
libwsutil6-2.0.2-1.mga5
libwireshark-devel-2.0.2-1.mga5
wireshark-tools-2.0.2-1.mga5
tshark-2.0.2-1.mga5
rawshark-2.0.2-1.mga5
dumpcap-2.0.2-1.mga5

from wireshark-2.0.2-1.mga5.src.rpm
CC: (none) => pf
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
wireshark libwireshark6 libwiretap5 libwsutil6 wireshark-tools

default install of wireshark libwireshark6 libwiretap5 libwsutil6 wireshark-tools

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.1-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark6
Package libwireshark6-2.0.1-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.1-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.1-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.1-1.mga5.i586 is already installed

Running wireshark as root I can capture and save to a file (test01.pcapng) traffic on enp0s3. Close wireshark. Reopen test01.pcapng with wireshark and review the data.

install wireshark libwireshark6 libwiretap5 libwsutil6 wireshark-tools from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.2-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark6
Package libwireshark6-2.0.2-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap5
Package libwiretap5-2.0.2-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil6
Package libwsutil6-2.0.2-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.2-1.mga5.i586 is already installed

Running wireshark as root I can capture and save to a new file (test02.pcapng) traffic on enp0s3. And then reopen the previously created test01.pcapng and review the data.
CC: (none) => wilcal.int
In VirtualBox, M5, KDE, 64-bit

Package(s) under test:
wireshark lib64wireshark6 lib64wiretap5 lib64wsutil6 wireshark-tools

default install of wireshark lib64wireshark6 lib64wiretap5 lib64wsutil6 wireshark-tools

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.1-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark6
Package lib64wireshark6-2.0.1-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wiretap5
Package lib64wiretap5-2.0.1-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wsutil6
Package lib64wsutil6-2.0.1-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.1-1.mga5.x86_64 is already installed

Running wireshark as root I can capture and save to a file (test01.pcapng) traffic on enp0s3. Close wireshark. Reopen test01.pcapng with wireshark and review the data.

install wireshark lib64wireshark6 lib64wiretap5 lib64wsutil6 wireshark-tools from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.0.2-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark6
Package lib64wireshark6-2.0.2-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wiretap5
Package lib64wiretap5-2.0.2-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wsutil6
Package lib64wsutil6-2.0.2-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.0.2-1.mga5.x86_64 is already installed

Running wireshark as root I can capture and save to a new file (test02.pcapng) traffic on enp0s3. And then reopen the previously created test01.pcapng and review the data.
Looks ok for me. Still cannot see enp0s3 unless you're running as root. Even if adding user to wireshark group. Otherwise works for me. Good enough David?
After adding to wireshark group you need to log out and back in again.
See Claire's comment. Also, we generally try to test the PoC's for wireshark. It's not difficult.
Advisory uploaded.
Whiteboard: (none) => has_procedure advisory
After assigning wilcal to the wireshark group and a reboot both the 32 & 64 bit work just fine. wireshark launches from the desktop icon. Good enough?
Good job Bill. Well done for sticking with it. We do usually test PoC's as they usually give them, but this shows no basic regressions and it's a new version rather than patch so it's fine.
Adding the OKs and validating.
Keywords: (none) => validated_update
Whiteboard: has_procedure advisory => has_procedure advisory mga5-32-ok mga5-64-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0091.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
Tested x64

Hmmm. Just a few hours' absence after first trying this, & all is done! BTAIM...

(In reply to David Walser from comment #5)
> See Claire's comment. Also, we generally try to test the PoC's for
> wireshark. It's not difficult.

Hmmm again. The best starting point is the Release Note. This has *many* bugFix references, which point to the bugs, which contain one or several example packets to illustrate the fault. Tens of possible tests. It is nicely organised.

I tried about a dozen, and before the update most did *not* crash (which is usually the case). A few seemed to loop. Generic command cited to use:
$ tshark -nVxr <path-to-[p]cap-file>

After the update, all the test results were the same, for better or worse. Wireshark GUI worked on an ethernet interface. So all I can say in support of the OK is 'no regression'.
CC: (none) => lewyssmith
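The before/after comparison described in the comment above, as an added example (not part of the original thread or of Mageia's QA tooling): it runs the cited `tshark -nVxr` command over a directory of sample captures with a time limit and records whether each one finished, looped or crashed. The `TSHARK` and `LIMIT` variables, the function names and the `poc-captures` directory are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: batch form of "tshark -nVxr <capture>" for before/after comparison.
# TSHARK and LIMIT are assumptions of this sketch, overridable from the environment.
TSHARK="${TSHARK:-tshark}"   # dissector front end to exercise
LIMIT="${LIMIT:-20}"         # seconds before a run is counted as a loop

# classify_capture FILE -> prints one of: ok, loop, crash, error
classify_capture() {
    rc=0
    timeout "$LIMIT" "$TSHARK" -nVxr "$1" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo ok
    elif [ "$rc" -eq 124 ]; then
        echo loop            # timeout(1) had to stop the run
    elif [ "$rc" -ge 128 ]; then
        echo crash           # terminated by a signal (SIGSEGV, SIGABRT, ...)
    else
        echo error           # ordinary failure status, e.g. unreadable file
    fi
}

# survey_captures DIR -> one "name verdict" line per capture, in sorted order
survey_captures() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s %s\n' "$(basename "$f")" "$(classify_capture "$f")"
    done | sort
}

# Typical use (left commented out so the file can be sourced):
#   survey_captures ./poc-captures > before.txt    # with 2.0.1 installed
#   ... install the packages from updates_testing ...
#   survey_captures ./poc-captures > after.txt     # with 2.0.2 installed
#   diff before.txt after.txt                      # changed verdicts show up here
```

A capture whose verdict moves from `crash` or `loop` to `ok` between the two runs is evidence that the fix took effect; identical files only show that nothing regressed.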
URL: (none) => http://lwn.net/Vulnerabilities/678634/
CVEs have been assigned for upstream advisories 2016-12 through 2016-18, which had no CVEs before:
http://openwall.com/lists/oss-security/2016/05/01/1

CVE-2016-4415
CVE-2016-4416
CVE-2016-4417
CVE-2016-4418
CVE-2016-4419
CVE-2016-4420
CVE-2016-4421