Upstream has released new versions on January 11:
https://www.wireshark.org/news/20180111.html

Updated package uploaded for Mageia 6.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The MRDISC dissector could crash (CVE-2017-17997).

The IxVeriWave file parser could crash (CVE-2018-5334).

The WCP dissector could crash (CVE-2018-5335).

Multiple dissectors could crash (CVE-2018-5336).

Prior to this release dumpcap enabled the Linux kernel’s BPF JIT compiler via the net.core.bpf_jit_enable sysctl. This could make systems more vulnerable to Spectre variant 1 and this feature has been removed (CVE-2017-5753).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5336
https://www.wireshark.org/security/wnpa-sec-2018-01.html
https://www.wireshark.org/security/wnpa-sec-2018-02.html
https://www.wireshark.org/security/wnpa-sec-2018-03.html
https://www.wireshark.org/security/wnpa-sec-2018-04.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html
https://www.wireshark.org/news/20180111.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.2.12-1.mga6
libwireshark8-2.2.12-1.mga6
libwiretap6-2.2.12-1.mga6
libwscodecs1-2.2.12-1.mga6
libwsutil7-2.2.12-1.mga6
libwireshark-devel-2.2.12-1.mga6
wireshark-tools-2.2.12-1.mga6
tshark-2.2.12-1.mga6
rawshark-2.2.12-1.mga6
dumpcap-2.2.12-1.mga6

from wireshark-2.2.12-1.mga6.src.rpm
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Wireshark
Keywords: (none) => has_procedure
Mageia 6 :: x86_64

Installed several packages then updated cleanly to:
- dumpcap
- lib64wireshark-devel-2.2.12-1.mga6.x86_64
- lib64wireshark8-2.2.12-1.mga6.x86_64
- lib64wiretap6-2.2.12-1.mga6.x86_64
- lib64wscodecs1-2.2.12-1.mga6.x86_64
- lib64wsutil7-2.2.12-1.mga6.x86_64
- rawshark-2.2.12-1.mga6.x86_64
- tshark-2.2.12-1.mga6.x86_64
- wireshark-2.2.12-1.mga6.x86_64
- wireshark-tools

# dumpcap -a duration:60
Capturing on 'enp3s0'
File: /tmp/wireshark_enp3s0_20180112115205_dyBIV1.pcapng
Packets captured: 150
Packets received/dropped on interface 'enp3s0': 150/0 (pcap:0/dumpcap:0/flushed:0/ps_ifdrop:0) (100.0%)
# exit

$ wireshark -n wireshark_enp3s0_20180112115205_dyBIV1.pcapng
QXcbConnection: XCB error: 146 (Unknown), sequence: 198, resource id: 0, major code: 139 (Unknown), minor code: 20

The interface came up with a listing of the packets captured from the ethernet adapter and a frame dump of the first one. Scanned through the list and noted packets for NFS, TCP, STP and MDNS.

Renamed the pcap file then

$ tshark -nr wiresharktest
1 0.000000000 14:dd:a9:99:18:f8 → 01:80:c2:00:00:00 STP 60 Conf. Root = 32768/0/14:dd:a9:99:18:f8 Cost = 0 Port = 0x8001
2 0.018389954 192.168.1.156 → 255.255.255.255 DB-LSP-DISC 175 Dropbox LAN sync Discovery Protocol
...............................

which is a terminal based description of the various transactions.

$ editcap -r wiresharktest wiresharktest50 1-50
$ ll wireshark*
-rw-rw-r-- 1 lcl lcl 15920 Jun 9 2016 wireshark_1
-rw------- 1 lcl lcl 32752 Jan 12 11:56 wireshark_enp3s0_20180112115205_dyBIV1.pcapng
-rw------- 1 lcl lcl 32752 Jan 12 12:04 wiresharktest
-rw-r--r-- 1 lcl lcl 6668 Jan 12 12:09 wiresharktest50

$ mergecap -v -w wiresharkmerged wiresharktest wiresharktest50
mergecap: wiresharktest is type Wireshark/... - pcapng.
mergecap: wiresharktest50 is type Wireshark/... - pcapng.
mergecap: selected frame_type Ethernet (ether)
mergecap: ready to merge records
Record: 1
....................................
Record: 200
mergecap: merging complete

$ randpkt -b 500 -t dns wireshark_dns.pcap

Running the output file through wireshark revealed dozens of malformed packets.

$ dftest ip
Filter: "ip"
dfilter ptr = 0x031faee0
00000 CHECK_EXISTS ip
00001 RETURN

$ capinfos wiresharktest
File name: wiresharktest
File type: Wireshark/... - pcapng
File encapsulation: Ethernet
File timestamp precision: nanoseconds (9)
Packet size limit: file hdr: (not set)
Number of packets: 150
File size: 32 kB
Data size: 27 kB
Capture duration: 58.000001411 seconds
First packet time: 2018-01-12 11:52:05.864625863
...........................

At beginner's level this does seem to work.
CC: (none) => tarazed25
Whiteboard: (none) => MGA6-64-OK
Thank you Len for an instant test! Validating, Advisory done.
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0071.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED