Bug 23330 - wireshark new release 2.2.16 fixes security issues
Summary: wireshark new release 2.2.16 fixes security issues
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-32-OK MGA6-64-OK
Keywords: advisory, has_procedure, validated_update
Depends on:
Blocks:
 
Reported: 2018-07-19 02:35 CEST by David Walser
Modified: 2018-07-24 00:29 CEST
CC List: 3 users

See Also:
Source RPM: wireshark-2.2.15-1.mga6.src.rpm
CVE:
Status comment:



Description David Walser 2018-07-19 02:35:32 CEST
Upstream has released new versions today (July 18):
https://www.wireshark.org/news/20180718.html

Updated package uploaded for Mageia 6.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

RPKI-Router infinite loop (CVE-2018-7325).

MMSE dissector infinite loop (CVE-2018-14339).

Multiple dissectors could crash (CVE-2018-14340).

DICOM dissector crash (CVE-2018-14341).

BGP dissector large loop (CVE-2018-14342).

ASN.1 BER dissector crash (CVE-2018-14343).

ISMP dissector crash (CVE-2018-14344).

Bazaar dissector infinite loop (CVE-2018-14368).

HTTP2 dissector crash (CVE-2018-14369).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14369
https://www.wireshark.org/security/wnpa-sec-2018-06.html
https://www.wireshark.org/security/wnpa-sec-2018-34.html
https://www.wireshark.org/security/wnpa-sec-2018-35.html
https://www.wireshark.org/security/wnpa-sec-2018-36.html
https://www.wireshark.org/security/wnpa-sec-2018-37.html
https://www.wireshark.org/security/wnpa-sec-2018-38.html
https://www.wireshark.org/security/wnpa-sec-2018-39.html
https://www.wireshark.org/security/wnpa-sec-2018-40.html
https://www.wireshark.org/security/wnpa-sec-2018-41.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.16.html
https://www.wireshark.org/news/20180718.html
========================

Updated packages in core/updates_testing:
========================
wireshark-2.2.16-1.mga6
libwireshark8-2.2.16-1.mga6
libwiretap6-2.2.16-1.mga6
libwscodecs1-2.2.16-1.mga6
libwsutil7-2.2.16-1.mga6
libwireshark-devel-2.2.16-1.mga6
wireshark-tools-2.2.16-1.mga6
tshark-2.2.16-1.mga6
rawshark-2.2.16-1.mga6
dumpcap-2.2.16-1.mga6

from wireshark-2.2.16-1.mga6.src.rpm

Comment 1 David Walser 2018-07-19 02:35:48 CEST
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Keywords: (none) => has_procedure

Comment 2 William Kenney 2018-07-20 02:43:56 CEST
In VirtualBox, M6, MATE, 32-bit

Package(s) under test:
wireshark libwireshark8 libwiretap6 libwsutil7 wireshark-tools tshark

The following 16 packages are going to be installed:

- dumpcap-2.2.15-1.mga6.i586
- geoip-database-1.6.9-2.mga6.noarch
- libgeoip1-1.6.9-2.mga6.i586
- libnl-route3_200-3.3.0-1.mga6.i586
- libqt5multimedia5-5.9.4-1.mga6.i586
- libqt5printsupport5-5.9.4-1.1.mga6.i586
- libsmi-mibs-std-0.5.0-2.mga6.i586
- libsmi2-0.5.0-2.mga6.i586
- libwireshark8-2.2.15-1.mga6.i586
- libwiretap6-2.2.15-1.mga6.i586
- libwscodecs1-2.2.15-1.mga6.i586
- libwsutil7-2.2.15-1.mga6.i586
- smi-tools-0.5.0-2.mga6.i586
- tshark-2.2.15-1.mga6.i586
- wireshark-2.2.15-1.mga6.i586
- wireshark-tools-2.2.15-1.mga6.i586

Assign wilcal to the wireshark group, restart wilcal.

default install of :

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.2.15-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark8
Package libwireshark8-2.2.15-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap6
Package libwiretap6-2.2.15-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil7
Package libwsutil7-2.2.15-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.2.15-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.2.15-1.mga6.i586 is already installed

Running wireshark I can capture and save to a file
(test01.pcapng) the traffic on enp0s3. Close wireshark.
I can reopen test01.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test02.txt works
Capturing on 'enp0s3'
3806 ^Z ( captured lines )
[1]+  Stopped                 tshark >> test02.txt

Set a filter:
ip.src == 192.168.0.10          ( this system )
ip.addr == 192.168.0.13         ( Yamaha receiver, barks a lot )
Set filter to: not ip.addr == 192.168.0.10 and not ip.src == 192.168.0.13
Filter works.

install wireshark libwireshark8 libwiretap6 libwsutil7 wireshark-tools
tshark from updates_testing

[root@localhost wilcal]# urpmi wireshark
Package wireshark-2.2.16-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwireshark8
Package libwireshark8-2.2.16-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwiretap6
Package libwiretap6-2.2.16-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libwsutil7
Package libwsutil7-2.2.16-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi wireshark-tools
Package wireshark-tools-2.2.16-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi tshark
Package tshark-2.2.16-1.mga6.i586 is already installed

Running wireshark I can capture and save to a file
(test03.pcapng) the traffic on enp0s3. Close wireshark.
I can reopen test03.pcapng with wireshark and review the data.
wireshark tools like tshark work:
tshark >> test04.txt works
Capturing on 'enp0s3'
8792 ^Z ( captured lines )
[1]+  Stopped                 tshark >> test02.txt

Set a filter:
Set filter to: not ip.addr == 192.168.0.10 and not ip.src == 192.168.0.13
Filter works.

CC: (none) => wilcal.int

William Kenney 2018-07-20 02:44:27 CEST

Whiteboard: (none) => MGA6-32-OK

Comment 3 PC LX 2018-07-20 17:42:51 CEST
Installed and tested without issues.

Did some quick tests including:
- capturing using dumpcap;
- capturing using wireshark's Qt GUI;
- saving/loading captured packets;
- filtering packets.

$ uname -a
Linux marte 4.14.56-desktop-1.mga6 #1 SMP Mon Jul 16 19:36:06 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q dumpcap-2.2.16-1.mga6.x86_64 lib64wireshark8-2.2.16-1.mga6.x86_64 lib64wiretap6-2.2.16-1.mga6.x86_64 lib64wscodecs1-2.2.16-1.mga6.x86_64  lib64wsutil7-2.2.16-1.mga6.x86_64 wireshark-2.2.16-1.mga6.x86_64
dumpcap-2.2.16-1.mga6
lib64wireshark8-2.2.16-1.mga6
lib64wiretap6-2.2.16-1.mga6
lib64wscodecs1-2.2.16-1.mga6
lib64wsutil7-2.2.16-1.mga6
wireshark-2.2.16-1.mga6

CC: (none) => mageia
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK

William Kenney 2018-07-22 21:55:04 CEST

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Rémi Verschelde 2018-07-23 13:00:16 CEST
Advisory uploaded.

Keywords: (none) => advisory

Comment 5 Mageia Robot 2018-07-24 00:29:17 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0320.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

