21315 – wireshark new release 2.0.14 fixes security issues

Bug 21315 - wireshark new release 2.0.14 fixes security issues

Summary: wireshark new release 2.0.14 fixes security issues

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	5
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	has_procedure MGA5-32-OK MGA5-64-OK a...
Keywords:	validated_update

Depends on:	21314
Blocks:
	Show dependency tree / graph

Reported:	2017-07-22 01:29 CEST by David Walser
Modified:	2017-07-26 01:25 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:	wireshark-2.0.13-1.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-07-22 01:29:23 CEST

Upstream has released new versions on July 18:
https://www.wireshark.org/news/20170718.html

Updated package uploaded for Mageia 5.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The wireshark package has been updated to version 2.0.14, which fixes several
security issues where a malformed packet trace could cause it to crash or go
into an infinite loop, and fixes several other bugs as well.  See the release
notes for details.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11411
https://www.wireshark.org/security/wnpa-sec-2017-13.html
https://www.wireshark.org/security/wnpa-sec-2017-28.html
https://www.wireshark.org/security/wnpa-sec-2017-34.html
https://www.wireshark.org/security/wnpa-sec-2017-35.html
https://www.wireshark.org/security/wnpa-sec-2017-36.html
https://www.wireshark.org/security/wnpa-sec-2017-37.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.14.html
https://www.wireshark.org/news/20170718.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.0.14-1.mga5
libwireshark7-2.0.14-1.mga5
libwiretap5-2.0.14-1.mga5
libwsutil6-2.0.14-1.mga5
libwireshark-devel-2.0.14-1.mga5
wireshark-tools-2.0.14-1.mga5
tshark-2.0.14-1.mga5
rawshark-2.0.14-1.mga5
dumpcap-2.0.14-1.mga5

wireshark-2.0.14-1.mga5.src.rpm

Comment 1 David Walser 2017-07-22 01:30:01 CEST

Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Whiteboard: (none) => has_procedure
Depends on: (none) => 21314

Comment 2 Herman Viaene 2017-07-24 15:27:28 CEST

MGA5-32 on Asus A6000VM Xfce
No installation issues.
Trying to run from testprocedure, but something I do not get.
Refer to my previous testing on bug 19535 Comment 8, I quote:
"wireshark -n wiresharktest : creates wiresharktest file with data"
Now the file wiresharktest exist but is empty before the test, and still is after. Testdata saved in wiresharktest.pcapng as per defaults in wireshark after selecting the wifi interface in the capture options.

Similar with second test : now "tshark -nr wiresharktest" just does not return anything, not on the CLI, not in the file.
Subsequent test using the wiresharktest.pcapng file are OK
$ editcap -r wiresharktest.pcapng wiresharktest50 1-50
file created OK
$ mergecap -v -w wiresharkmerged wiresharktest.pcapng wiresharktest50 
mergecap: wiresharktest.pcapng is type Wireshark/... - pcapng.
mergecap: wiresharktest50 is type Wireshark/... - pcapng.
mergecap: selected frame_type Ethernet (ether)
mergecap: ready to merge records
Record: 1
Record: 2
Record: 3
Record: 4
Record: 5
Record: 6
Record: 7
Record: 8
Record: 9
Record: 10
Record: 11
Record: 12
Record: 13
Record: 14
Record: 15
Record: 16
mergecap: merging complete
]$ capinfos wiresharktest50
File name:           wiresharktest50
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  nanoseconds (9)
Packet size limit:   file hdr: (not set)
Number of packets:   8
and some more ......

I asked already in bug 20170 Comment 3 about this wiresharktest file in the QA wiki, but ???????

As I cannot find anything real at fault OK for me.

Whiteboard: has_procedure => has_procedure MGA5-32-OK
CC: (none) => herman.viaene

Comment 3 Lewis Smith 2017-07-24 23:29:39 CEST

Testing Mageia 5 64-bit

From the Tshark references in Comment 0, there are a number of sample .pcap files:
 clusterfuzz-testcase-minimized-4504163348119552.pcap
 clusterfuzz-testcase-minimized-5984186735263744.pcap
 clusterfuzz-testcase-minimized-6037307087912960.pcap
 fuzz-2017-04-15-11942.pcap
 fuzz-2017-06-11-30708.pcap ****
 fuzz-2017-06-12-15905.pcap
 udp_busyloop_with_memory_usage.pcap

I ran
 $ tshark -nr <filename> >> <before|after>
for each example before & after the updates to:
 lib64wsutil6-2.0.14-1.mga5
 rawshark-2.0.14-1.mga5
 dumpcap-2.0.14-1.mga5
 lib64wiretap5-2.0.14-1.mga5
 wireshark-tools-2.0.14-1.mga5
 tshark-2.0.14-1.mga5
 lib64wireshark7-2.0.14-1.mga5
 wireshark-2.0.14-1.mga5
Which proved almost nothing! All results were identical except for 30708 which showed 4 different lines in different places. No 'visible' looping anywhere.

So I ran the prescribed series of commands from the procedure. To get a start file, I just used Wireshark to start (then stop) capturing some generated traffic. It picked the Ethernet interface, and created a capture file in /tmp/ whose name & details are given in Statistics-Capture file properties. I changed it to 'wireshark'.

 $ tshark -nr wiresharktest
dumps it to the console.

 $ editcap -r wireshark wireshark50 1-50
creates a subset file, *no console O/P* (as shown in the procedure).
 $ ls -l
 -rw-r--r-- 1 lewis lewis    7792 Gor  24 22:58 wireshark50

 $ mergecap -v -w wsmerged wireshark wireshark50
produced a lot of Record: xxx lines, ending "mergecap: merging complete".
 $ ls -l
 -rw------- 1 lewis lewis  307672 Gor  24 22:42 wireshark
 -rw-r--r-- 1 lewis lewis    7792 Gor  24 22:58 wireshark50
 -rw-r--r-- 1 lewis lewis  315252 Gor  24 22:59 wsmerged
Result viewable with Wireshark.

 $ randpkt -b 500 -t dns wireshark_dns.pcap
No console O/P, but creates the file:
 $ ls -l
 -rw-r--r-- 1 lewis lewis  292801 Gor  24 22:50 wireshark_dns.pcap
of 1000 records viewable with Wireshark, many failures therein, unsure of their significance.

 $ dftest ip
 Filter: "ip"
 Constants:
 Instructions:
 00000 CHECK_EXISTS	ip
 00001 RETURN
similar (not identical) to the example.

 $ capinfos wiresharkt50
File name:           wireshark50
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  nanoseconds (9)
Packet size limit:   file hdr: (not set)
Number of packets:   50
File size:           7792 bytes
Data size:           5984 bytes
...
Capture application: Editcap 2.0.14
Number of interfaces in file: 1
Interface #0 info:
                     Name = enp4s0
...
All looks sensible. See no reason not to OK the update; & validate it.
Advisory to follow.

Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK MGA5-64-OK
Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Lewis Smith 2017-07-25 09:01:03 CEST

Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK advisory

Comment 4 Mageia Robot 2017-07-26 00:08:09 CEST

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0219.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 5 David Walser 2017-07-26 01:25:32 CEST

So I guess the updates pushing script doesn't check for blockers anymore...

Note You need to log in before you can comment on or make changes to this bug.