Bug 22643 - wireshark new release 2.2.14 fixes security issues
Summary: wireshark new release 2.2.14 fixes security issues
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, has_procedure, validated_update
Depends on: 22657
Blocks:
Reported: 2018-02-24 16:10 CET by David Walser
Modified: 2018-05-12 09:21 CEST

See Also:
Source RPM: wireshark-2.2.12-1.mga6.src.rpm
CVE:
Status comment:

Description David Walser 2018-02-24 16:10:06 CET
Upstream has released new versions on February 23:
https://www.wireshark.org/news/20180223.html

Updated package uploaded for Mageia 6.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The SIGCOMP dissector could crash (CVE-2018-7320).

Multiple dissectors could go into large infinite loops. All ASN.1 BER
dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA,
RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB, and WCCP dissectors were
susceptible (CVE-2018-7321, CVE-2018-7322, CVE-2018-7323, CVE-2018-7324,
CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328, CVE-2018-7329,
CVE-2018-7330, CVE-2018-7331, CVE-2018-7332, CVE-2018-7333).

The UMTS MAC dissector could crash (CVE-2018-7334).

The IEEE 802.11 dissector could crash (CVE-2018-7335).

The FCP dissector could crash (CVE-2018-7336).

The IPMI dissector could crash (CVE-2018-7417).

The SIGCOMP dissector could crash (CVE-2018-7418).

The NBAP dissector could crash (CVE-2018-7419).

The pcapng file parser could crash (CVE-2018-7420).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7420
https://www.wireshark.org/security/wnpa-sec-2018-05.html
https://www.wireshark.org/security/wnpa-sec-2018-06.html
https://www.wireshark.org/security/wnpa-sec-2018-07.html
https://www.wireshark.org/security/wnpa-sec-2018-09.html
https://www.wireshark.org/security/wnpa-sec-2018-10.html
https://www.wireshark.org/security/wnpa-sec-2018-11.html
https://www.wireshark.org/security/wnpa-sec-2018-12.html
https://www.wireshark.org/security/wnpa-sec-2018-13.html
https://www.wireshark.org/security/wnpa-sec-2018-14.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.13.html
https://www.wireshark.org/news/20180223.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.2.13-1.mga6
libwireshark8-2.2.13-1.mga6
libwiretap6-2.2.13-1.mga6
libwscodecs1-2.2.13-1.mga6
libwsutil7-2.2.13-1.mga6
libwireshark-devel-2.2.13-1.mga6
wireshark-tools-2.2.13-1.mga6
tshark-2.2.13-1.mga6
rawshark-2.2.13-1.mga6
dumpcap-2.2.13-1.mga6

from wireshark-2.2.13-1.mga6.src.rpm

Comment 1 David Walser 2018-02-24 16:10:20 CET
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Keywords: (none) => has_procedure

Comment 2 PC LX 2018-02-24 23:17:53 CET
Installed and tested without issues.

Tests included:
- Actual use for debugging a WebSocket issue.
- Snooping at net traffic.
- Procedure at https://wiki.mageia.org/en/QA_procedure:Wireshark

System: Mageia 6, x86_64, Plasma DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.


$ uname -a
Linux marte 4.14.20-desktop-1.mga6 #1 SMP Sun Feb 18 01:22:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q wireshark lib64wireshark8 lib64wiretap6 lib64wscodecs1 lib64wsutil7 wireshark-tools tshark rawshark dumpcap | sort
dumpcap-2.2.12-1.mga6
lib64wireshark8-2.2.12-1.mga6
lib64wiretap6-2.2.12-1.mga6
lib64wscodecs1-2.2.12-1.mga6
lib64wsutil7-2.2.12-1.mga6
rawshark-2.2.12-1.mga6
tshark-2.2.12-1.mga6
wireshark-2.2.12-1.mga6
wireshark-tools-2.2.12-1.mga6


root$ dumpcap -i lo -w /tmp/dump.bin
user$ curl http://example.com/ -o
root$ ^C
root$ chmod go+r dump.bin
user$ tshark -nr /tmp/dump.bin
<SNIP LOOKS OK>
user$ wireshark /tmp/dump.bin
<LOOKS OK>
user$ editcap -r /tmp/dump.bin /tmp/dump2.bin 1-10
user$ tshark -nr /tmp/dump.bin
<SNIP 10 LINES LOOKS OK>
$ mergecap -v -w /tmp/dump3.bin /tmp/dump.bin /tmp/dump.bin 
mergecap: /tmp/dump.bin is type Wireshark/... - pcapng.
mergecap: /tmp/dump.bin is type Wireshark/... - pcapng.
<SNIP>
mergecap: merging complete
user$ tshark -nr /tmp/dump.bin
<SNIP LOOKS OK>
user$ randpkt -b 100 -t dns /tmp/dump4.bin
user$ tshark -nr /tmp/dump.bin
<SNIP "Unknown operation" LINES AS EXPECTED>
user$ dftest ip
Filter: "ip"

Constants:

Instructions:
00000 CHECK_EXISTS      ip
00001 RETURN
$ capinfos /tmp/dump.bin 
File name:           /tmp/dump.bin
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  nanoseconds (9)
Packet size limit:   file hdr: (not set)
Number of packets:   14
File size:           2520 bytes
Data size:           1745 bytes
Capture duration:    0,230963992 seconds
First packet time:   2018-02-24 21:45:58,080550944
Last packet time:    2018-02-24 21:45:58,311514936
Data byte rate:      7555 bytes/s
Data bit rate:       60 kbps
Average packet size: 124,64 bytes
Average packet rate: 60 packets/s
SHA1:                f6ac95dbe6767f101a21ad41edd3dec28f27685d
RIPEMD160:           948d4a5b13cd0ab56ddd64f69bacbb53dd025571
MD5:                 ff0557a506e1db549175d75dfb904290
Strict time order:   True
Capture oper-sys:    Linux 4.14.20-desktop-1.mga6
Capture application: Dumpcap (Wireshark) 2.2.12 (wireshark-2.2.12)
Number of interfaces in file: 1
Interface #0 info:
                     Name = enp2s0
                     Encapsulation = Ethernet (1/1 - ether)
                     Capture length = 262144
                     Time precision = nanoseconds (9)
                     Time ticks per second = 1000000000
                     Time resolution = 0x09
                     Operating system = Linux 4.14.20-desktop-1.mga6
                     Number of stat entries = 1
                     Number of packets = 14

CC: (none) => mageia

Comment 3 PC LX 2018-02-27 10:30:39 CET
Used wireshark and dumpcap some more and it worked without issues.
Marking it as OK for x86_64.

Whiteboard: (none) => MGA6-64-OK

Lewis Smith 2018-02-28 09:37:44 CET

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2018-02-28 14:56:23 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0151.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 5 Dave Hodgins 2018-03-01 00:38:27 CET
As Claire noted on the qa-discuss mailing list, the update (from core updates)
cannot be installed if the updates testing repos are not enabled.

# urpmi wireshark
A requested package cannot be installed:
wireshark-2.2.13-1.mga6.x86_64 (due to unsatisfied libQt5Core.so.5(Qt_5.9)(64bit))

For wireshark, we'll need a version that doesn't require updates testing qt
packages to work.

David Walser, do you want a new bug report?

Resolution: FIXED => (none)
Status: RESOLVED => REOPENED
CC: (none) => davidwhodgins

Comment 6 David Walser 2018-03-01 00:52:29 CET
No, just pull the update back to testing and we'll push it later.

Comment 7 Dave Hodgins 2018-03-01 01:05:51 CET
Unpush requested on the sysadmin mailing list.

Comment 8 Dave Hodgins 2018-03-01 18:03:42 CET
Removing the validated update and mga 6 ok tags for now.

Keywords: validated_update => (none)
Whiteboard: MGA6-64-OK => (none)

Comment 9 Dave Hodgins 2018-03-01 18:06:44 CET
Adding the depends on the qt5 update to ensure this update doesn't get repushed
without it.

Depends on: (none) => 22657

Comment 10 William Kenney 2018-03-05 22:44:34 CET
In VirtualBox, M6, KDE, 64-bit

Package(s) under test:
wireshark lib64wireshark8 lib64wiretap6 lib64wsutil7 wireshark-tools tshark

Assign wilcal to the wireshark group, restart wilcal.

default install of :

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.2.12-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark8
Package lib64wireshark8-2.2.12-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wiretap6
Package lib64wiretap6-2.2.12-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wsutil7
Package lib64wsutil7-2.2.12-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.2.12-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.2.12-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi qtbase5-common
Package qtbase5-common-5.9.4-1.mga6.x86_64 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) the traffic on enp0s3. Close wireshark.
I can reopen test01.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test03.txt works
Capturing on 'enp0s3'
6015 ^Z ( captured lines )
[1]+  Stopped                 tshark >> test01.txt

Set a filter:
ip.src == 192.168.0.16          ( this system )
ip.addr == 192.168.0.13         ( Yamaha receiver, barks a lot )
Set filter to: not ip.addr == 192.168.0.16 and not ip.src == 192.168.0.13
Filter works.

install wireshark wireshark lib64wireshark8 lib64wiretap6 lib64wsutil7
wireshark-tools tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.2.13-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wireshark8
Package lib64wireshark8-2.2.13-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wiretap6
Package lib64wiretap6-2.2.13-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wsutil7
Package lib64wsutil7-2.2.13-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.2.13-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.2.13-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi qtbase5-common
Package qtbase5-common-5.9.4-1.mga6.x86_64 is already installed

[wilcal@localhost ~]$ wireshark
This application failed to start because it could not find or load the Qt platform plugin "xcb"
in "".

Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, offscreen, xcb.

Reinstalling the application may fix this problem.
Aborted (core dumped)

What am I doing wrong here?

CC: (none) => wilcal.int

Comment 11 Lewis Smith 2018-03-07 12:04:38 CET
Testing M6/64
with the ongoing Qt5 update 22657 installed.

BEFORE UPDATE:  installed from issued repos:
dumpcap-2.2.12-1.mga6
lib64wireshark8-2.2.12-1.mga6
lib64wiretap6-2.2.12-1.mga6
lib64wscodecs1-2.2.12-1.mga6
lib64wsutil7-2.2.12-1.mga6
rawshark-2.2.12-1.mga6
tshark-2.2.12-1.mga6
wireshark-2.2.12-1.mga6
wireshark-tools-2.2.12-1.mga6
 and added myself to the 'wireshark' group; logout/login.
 Used browser page refresh to generate traffic.

The procedure is not current.
 $ wireshark -n wiresharktest
complains that the file wiresharktest does not exist, but works on-line. On quitting, it allows saving the captured data e.g. to that filename. Better, use
 $ wireshark -n -w wiresharktest
It works from comms to screen & file, and from file to screen:
 $ wireshark -nr wiresharktest

 $ tshark -n
 $ tshark -nr wiresharktest
works default comms interface or file to console.
--------------------------------------------------
AFTER update all 9 packages to version 2.2.13-1 as per comment 0.
Following the procedure in principle.

 $ wireshark -n -w wiresharktest
works fine chosen comms interface to screen & file.
 $ wireshark -n -r wiresharktest
reads & displays the capture file OK.

 $ tshark -n
 Capturing on 'enp4s0'
output fine to console from the comms interface.
 $ tshark -n -r wiresharktest
output fine to console from the pcap file.

 $ editcap -r wiresharktest wiresharktest50 1-50
produced no console O/P as shown in the procedure, but worked:
 $ ls -l wiresharktest*
-rw------- 1 lewis lewis 295868 Maw   7 11:33 wiresharktest
-rw-rw-r-- 1 lewis lewis  26000 Maw   7 11:41 wiresharktest50

Both
 $ tshark -r wiresharktest50
 $ wireshark -r wiresharktest50
displayed the edited file OK.

 $ mergecap -v -w wiresharkmerged wiresharktest wiresharktest50
...  [the beginning scrolled out of sight]
Record: 609
mergecap: merging complete
 -rw-r--r-- 1 lewis lewis 321528 Maw   7 11:48 wiresharkmerged
looks OK.
 $ wireshark -r wiresharkmerged
displayed it OK.

 $ randpkt -b 500 -t dns wireshark_dns.pcap
-rw-rw-r-- 1 lewis lewis 289257 Maw   7 11:53 wireshark_dns.pcap
 $ wireshark wireshark_dns.pcap
displayed it OK, all items red!

 $ dftest ip
Filter: "ip"
Constants:
Instructions:
00000 CHECK_EXISTS	ip
00001 RETURN
 more or less like in the procedure.

 $ capinfos wiresharktest50
File name:           wiresharktest50
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
..... lots more, as per procedure.

This looks good for OK.
Am validating it, knowing it will not be pushed before the dependent Qt update.

Whiteboard: (none) => MGA6-64-OK
Keywords: (none) => validated_update

Comment 12 David Walser 2018-04-08 02:40:26 CEST
Upstream has released new versions on April 3:
https://www.wireshark.org/news/20180403.html

Updated package uploaded for Mageia 6.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The SIGCOMP dissector could crash (CVE-2018-7320).

Multiple dissectors could go into large infinite loops. All ASN.1 BER
dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA,
RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB, and WCCP dissectors were
susceptible (CVE-2018-7321, CVE-2018-7322, CVE-2018-7323, CVE-2018-7324,
CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328, CVE-2018-7329,
CVE-2018-7330, CVE-2018-7331, CVE-2018-7332, CVE-2018-7333).

The UMTS MAC dissector could crash (CVE-2018-7334).

The IEEE 802.11 dissector could crash (CVE-2018-7335).

The FCP dissector could crash (CVE-2018-7336).

The IPMI dissector could crash (CVE-2018-7417).

The SIGCOMP dissector could crash (CVE-2018-7418).

The NBAP dissector could crash (CVE-2018-7419).

The pcapng file parser could crash (CVE-2018-7420).

The MP4, ADB, IEEE 802.15.4, NBAP, VLAN, LWAPP, and Kerberos dissectors could
crash.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7420
https://www.wireshark.org/security/wnpa-sec-2018-05.html
https://www.wireshark.org/security/wnpa-sec-2018-06.html
https://www.wireshark.org/security/wnpa-sec-2018-07.html
https://www.wireshark.org/security/wnpa-sec-2018-09.html
https://www.wireshark.org/security/wnpa-sec-2018-10.html
https://www.wireshark.org/security/wnpa-sec-2018-11.html
https://www.wireshark.org/security/wnpa-sec-2018-12.html
https://www.wireshark.org/security/wnpa-sec-2018-13.html
https://www.wireshark.org/security/wnpa-sec-2018-14.html
https://www.wireshark.org/security/wnpa-sec-2018-15.html
https://www.wireshark.org/security/wnpa-sec-2018-16.html
https://www.wireshark.org/security/wnpa-sec-2018-17.html
https://www.wireshark.org/security/wnpa-sec-2018-18.html
https://www.wireshark.org/security/wnpa-sec-2018-19.html
https://www.wireshark.org/security/wnpa-sec-2018-20.html
https://www.wireshark.org/security/wnpa-sec-2018-23.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.13.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.14.html
https://www.wireshark.org/news/20180223.html
https://www.wireshark.org/news/20180403.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.2.14-1.mga6
libwireshark8-2.2.14-1.mga6
libwiretap6-2.2.14-1.mga6
libwscodecs1-2.2.14-1.mga6
libwsutil7-2.2.14-1.mga6
libwireshark-devel-2.2.14-1.mga6
wireshark-tools-2.2.14-1.mga6
tshark-2.2.14-1.mga6
rawshark-2.2.14-1.mga6
dumpcap-2.2.14-1.mga6

from wireshark-2.2.14-1.mga6.src.rpm

Whiteboard: MGA6-64-OK => (none)
Summary: wireshark new release 2.2.13 fixes security issues => wireshark new release 2.2.14 fixes security issues
Keywords: advisory, validated_update => (none)

Comment 13 David Walser 2018-04-08 02:45:09 CEST
openSUSE has issued an advisory for this today (April 7):
https://lists.opensuse.org/opensuse-updates/2018-04/msg00015.html

They have CVEs that the upstream advisory failed to list.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The SIGCOMP dissector could crash (CVE-2018-7320).

Multiple dissectors could go into large infinite loops. All ASN.1 BER
dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA,
RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB, and WCCP dissectors were
susceptible (CVE-2018-7321, CVE-2018-7322, CVE-2018-7323, CVE-2018-7324,
CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328, CVE-2018-7329,
CVE-2018-7330, CVE-2018-7331, CVE-2018-7332, CVE-2018-7333).

The UMTS MAC dissector could crash (CVE-2018-7334).

The IEEE 802.11 dissector could crash (CVE-2018-7335).

The FCP dissector could crash (CVE-2018-7336).

The IPMI dissector could crash (CVE-2018-7417).

The SIGCOMP dissector could crash (CVE-2018-7418).

The NBAP dissector could crash (CVE-2018-7419).

The pcapng file parser could crash (CVE-2018-7420).

The LWAPP dissector could crash (CVE-2018-9256).

The MP4 dissector could crash (CVE-2018-9259).

The IEEE 802.15.4 dissector could crash (CVE-2018-9260).

The NBAP dissector could crash (CVE-2018-9261).

The VLAN dissector could crash (CVE-2018-9262).

The Kerberos dissector could crash (CVE-2018-9263).

The ADB dissector could crash (CVE-2018-9264).

Memory leaks in multiple dissectors (CVE-2018-9265, CVE-2018-9266,
CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271,
CVE-2018-9272, CVE-2018-9273, CVE-2018-9274).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9274
https://www.wireshark.org/security/wnpa-sec-2018-05.html
https://www.wireshark.org/security/wnpa-sec-2018-06.html
https://www.wireshark.org/security/wnpa-sec-2018-07.html
https://www.wireshark.org/security/wnpa-sec-2018-09.html
https://www.wireshark.org/security/wnpa-sec-2018-10.html
https://www.wireshark.org/security/wnpa-sec-2018-11.html
https://www.wireshark.org/security/wnpa-sec-2018-12.html
https://www.wireshark.org/security/wnpa-sec-2018-13.html
https://www.wireshark.org/security/wnpa-sec-2018-14.html
https://www.wireshark.org/security/wnpa-sec-2018-15.html
https://www.wireshark.org/security/wnpa-sec-2018-16.html
https://www.wireshark.org/security/wnpa-sec-2018-17.html
https://www.wireshark.org/security/wnpa-sec-2018-18.html
https://www.wireshark.org/security/wnpa-sec-2018-19.html
https://www.wireshark.org/security/wnpa-sec-2018-20.html
https://www.wireshark.org/security/wnpa-sec-2018-23.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.13.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.14.html
https://www.wireshark.org/news/20180223.html
https://www.wireshark.org/news/20180403.html
https://lists.opensuse.org/opensuse-updates/2018-04/msg00015.html

Comment 14 Lewis Smith 2018-04-09 10:53:23 CEST
M6 x64 UPDATE to:
- dumpcap-2.2.14-1.mga6.x86_64
- lib64wireshark8-2.2.14-1.mga6.x86_64
- lib64wiretap6-2.2.14-1.mga6.x86_64
- lib64wscodecs1-2.2.14-1.mga6.x86_64
- lib64wsutil7-2.2.14-1.mga6.x86_64
- rawshark-2.2.14-1.mga6.x86_64
- tshark-2.2.14-1.mga6.x86_64
- wireshark-2.2.14-1.mga6.x86_64
- wireshark-tools-2.2.14-1.mga6.x86_64
with the Qt5 update installed.

The procedure: https://wiki.mageia.org/en/QA_procedure:Wireshark
slightly out-of-date at the start.

Re-did exactly as per comment 11, from "AFTER update". Results similar throughout.
OKing, validating, Advisory to revise. This update will await the Qt5 one.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA6-64-OK
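
A version audit for the package set named in comment 14, as an added example that is not part of the bug thread or of Mageia's QA procedure: it reads `rpm -q` output and reports any package still below the fixed version. The function names and sample lines are constructed for illustration, and version components are assumed to be purely numeric.

```shell
#!/bin/sh
# Added example: audit `rpm -q` output against a fixed version.
# Function names and sample lines are constructed for illustration.

# ver_lt A B: succeed when dotted numeric version A is lower than B.
# Assumes purely numeric components (true for 2.2.12 / 2.2.14).
ver_lt() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        xa=${va%%.*}; xb=${vb%%.*}
        if [ "$va" = "$xa" ]; then va=; else va=${va#*.}; fi
        if [ "$vb" = "$xb" ]; then vb=; else vb=${vb#*.}; fi
        [ "${xa:-0}" -lt "${xb:-0}" ] && return 0
        [ "${xa:-0}" -gt "${xb:-0}" ] && return 1
    done
    return 1
}

# audit_rpm_versions FIXED: read `rpm -q` lines on stdin, print one verdict
# per package, return 1 if any installed package is below FIXED.
# Real use (package names as in comment 14):
#   rpm -q wireshark lib64wireshark8 tshark dumpcap | audit_rpm_versions 2.2.14
audit_rpm_versions() {
    fixed=$1; rc=0
    while IFS= read -r line; do
        case $line in
            '') continue ;;
            package*'is not installed')
                # Not installed means no vulnerable code on disk: report only.
                name=${line#package }
                echo "ABSENT ${name% is not installed}"
                continue ;;
        esac
        rest=${line%-*}     # drop the release field (and any .arch suffix)
        ver=${rest##*-}     # version is the last remaining hyphen field
        name=${rest%-*}     # the name may itself contain hyphens
        if ver_lt "$ver" "$fixed"; then
            echo "STALE $name $ver"
            rc=1
        else
            echo "OK $name $ver"
        fi
    done
    return $rc
}

# Constructed sample: a half-applied update, in `rpm -q` output format.
sample_partial() {
    cat <<'EOF'
tshark-2.2.14-1.mga6
lib64wireshark8-2.2.12-1.mga6
wireshark-tools-2.2.14-1.mga6.x86_64
package rawshark is not installed
EOF
}

# Constructed sample: every listed package at the fixed version.
sample_fixed() {
    cat <<'EOF'
wireshark-2.2.14-1.mga6
lib64wireshark8-2.2.14-1.mga6
lib64wiretap6-2.2.14-1.mga6
dumpcap-2.2.14-1.mga6
EOF
}

sample_partial | audit_rpm_versions 2.2.14 || echo "update incomplete"
```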

Comment 15 Lewis Smith 2018-04-10 08:56:50 CEST
Advisory updated from comments 12 & 13.

Keywords: (none) => advisory

Comment 16 Thomas Backlund 2018-05-12 09:21:19 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0151.html

CC: (none) => tmb
Resolution: (none) => FIXED
Status: REOPENED => RESOLVED

