Upstream has released new versions on October 10:
https://www.wireshark.org/news/20171010.html

Updated package uploaded for Mageia 6.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

DMP dissector crash (CVE-2017-15191).

BT ATT dissector crash (CVE-2017-15192).

MBIM dissector crash (CVE-2017-15193).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15193
https://www.wireshark.org/security/wnpa-sec-2017-42.html
https://www.wireshark.org/security/wnpa-sec-2017-43.html
https://www.wireshark.org/security/wnpa-sec-2017-44.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.10.html
https://www.wireshark.org/news/20171010.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.2.10-1.mga6
libwireshark8-2.2.10-1.mga6
libwiretap6-2.2.10-1.mga6
libwscodecs1-2.2.10-1.mga6
libwsutil7-2.2.10-1.mga6
libwireshark-devel-2.2.10-1.mga6
wireshark-tools-2.2.10-1.mga6
tshark-2.2.10-1.mga6
rawshark-2.2.10-1.mga6
dumpcap-2.2.10-1.mga6

from wireshark-2.2.10-1.mga6.src.rpm
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Wireshark
Whiteboard: (none) => has_procedure
CVE-2017-15191 (DMP dissector crash)
====================================
Test (POC from related upstream bug 14068):
> tshark -Vxr clusterfuzz-testcase-minimized-4674256493346816.pcap

Pre-Update on MGA6-x86_64 (lib64wireshark8-2.2.9-1.mga6):
No obvious problem

Post-Update on MGA6-x86_64 (lib64wireshark8-2.2.10-1.mga6):
No obvious problem

CVE-2017-15192 (BT ATT dissector crash)
=======================================
Test (POC from related upstream bug 14049):
> tshark -Vxr clusterfuzz-testcase-minimized-4559062802890752.pcap

Pre-Update on MGA6-x86_64 (lib64wireshark8-2.2.9-1.mga6):
Segfault/Core dump

Post-Update on MGA6-x86_64 (lib64wireshark8-2.2.10-1.mga6):
No obvious problem

CVE-2017-15193 (MBIM dissector crash)
=====================================
Test (POC from related upstream bug 14056):
> tshark -Vxr fuzz-2017-09-10-28159.pcap

Pre-Update on MGA6-x86_64 (lib64wireshark8-2.2.9-1.mga6):
No obvious problem

Post-Update on MGA6-x86_64 (lib64wireshark8-2.2.10-1.mga6):
No obvious problem
CC: (none) => digidietze
Whiteboard: has_procedure => has_procedure, MGA6-64-OK
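The pre/post-update PoC check from the comment above, as an added example that is not part of the original thread: a shell helper that replays each capture and derives a verdict from the exit status, so a segfault is detected rather than judged by eye. The function names are hypothetical, and it assumes a shell that reports death by signal N as exit status 128+N (bash, dash).

```shell
#!/bin/sh
# Added example: replay PoC captures through a dissector command and
# classify the outcome by exit status.

# classify_exit STATUS: map an exit status to a verdict.
# Assumption: the shell reports death by signal N as 128+N, so a command
# that deliberately exits with a status above 128 would be misread.
classify_exit() {
    if [ "$1" -eq 0 ]; then
        echo "OK"
    elif [ "$1" -gt 128 ]; then
        echo "CRASH signal=$(( $1 - 128 ))"
    else
        echo "ERROR exit=$1"
    fi
}

# replay_capture FILE [CMD ARGS...]: run "CMD ARGS FILE", discard its output
# and print the verdict. CMD defaults to the tshark call used in the thread.
replay_capture() {
    capture=$1
    shift
    [ "$#" -gt 0 ] || set -- tshark -Vxr
    status=0
    "$@" "$capture" >/dev/null 2>&1 || status=$?
    classify_exit "$status"
}

# main FILE...: check every capture; return non-zero if any run crashed.
main() {
    rc=0
    for f in "$@"; do
        verdict=$(replay_capture "$f")
        printf '%s: %s\n' "$f" "$verdict"
        case $verdict in CRASH*) rc=1 ;; esac
    done
    return "$rc"
}

# Stand-alone use: pass the capture files as arguments.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it once against the installed packages and once after installing from updates_testing; a fixed dissector crash shows up as a `CRASH` verdict turning into `OK` for the same capture.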
In VirtualBox, M6, Plasma, 32-bit

Package(s) under test:
wireshark libwireshark8 libwiretap6 libwsutil7 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of :

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.2.9-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark8
Package libwireshark8-2.2.9-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap6
Package libwiretap6-2.2.9-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil7
Package libwsutil7-2.2.9-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.2.9-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.2.9-1.mga6.i586 is already installed

Running wireshark I can capture and save to a file (test01.pcapng) the traffic on enp0s3.
Close wireshark. I can reopen test01.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test01.txt works
Capturing on 'enp0s3'
5508 ^Z ( captured lines )
[1]+ Stopped tshark >> test01.txt
Set a filter:
ip.src == 192.168.1.65 ( this system )
ip.addr == 192.168.1.70 ( Yamaha receiver )
Set filter to: not ip.addr == 192.168.1.65 and not ip.src == 192.168.1.70
Filter works.

install wireshark libwireshark7 libwiretap5 libwsutil6 wireshark-tools tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.2.10-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark8
Package libwireshark8-2.2.10-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap6
Package libwiretap6-2.2.10-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil7
Package libwsutil7-2.2.10-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.2.10-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.2.10-1.mga6.i586 is already installed

Running wireshark I can capture and save to a file (test02.pcapng) the traffic on enp0s3.
Close wireshark. Reopen test01.pcapng & test02.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test02.txt works
Capturing on 'enp0s3'
3878 ^Z ( captured lines )
[1]+ Stopped tshark >> test02.txt
Set a filter:
ip.src == 192.168.1.65 ( this system )
ip.addr == 192.168.1.70 ( Yamaha receiver )
Set filter to: not ip.addr == 192.168.1.65 and not ip.src == 192.168.1.70
Filter works.
CC: (none) => wilcal.int
Whiteboard: has_procedure, MGA6-64-OK => has_procedure, MGA6-32-OK MGA6-64-OK
This update works fine.
Testing complete for MGA6, 32-bit & 64-bit.
Validating the update.
Could someone from the sysadmin team push to updates?
Thanks
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0374.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED