Bug 25436 - wireshark new release 3.0.4 fixes security issue
Summary: wireshark new release 3.0.4 fixes security issue
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-09-13 12:53 CEST by David Walser
Modified: 2019-09-15 16:46 CEST

See Also:
Source RPM: wireshark-3.0.3-1.mga7.src.rpm
CVE:
Status comment:


Description David Walser 2019-09-13 12:53:10 CEST
Upstream has released new versions on September 11:
https://www.wireshark.org/news/20190911.html

Updated package uploaded for Mageia 7.

Advisory:
========================

Updated wireshark packages fix security vulnerability:

The Gryphon dissector could go into an infinite loop.

References:
https://www.wireshark.org/security/wnpa-sec-2019-21
https://www.wireshark.org/docs/relnotes/wireshark-3.0.4.html
https://www.wireshark.org/news/20190911.html
========================

Updated packages in core/updates_testing:
========================
wireshark-3.0.4-1.mga7
libwireshark12-3.0.4-1.mga7
libwiretap9-3.0.4-1.mga7
libwscodecs2-3.0.4-1.mga7
libwsutil10-3.0.4-1.mga7
libwireshark-devel-3.0.4-1.mga7
wireshark-tools-3.0.4-1.mga7
tshark-3.0.4-1.mga7
rawshark-3.0.4-1.mga7
dumpcap-3.0.4-1.mga7

from wireshark-3.0.4-1.mga7.src.rpm

Comment 1 Herman Viaene 2019-09-15 11:52:18 CEST
MGA7-64 Plasma on Lenovo B50
No installation issues
Ref to https://wiki.mageia.org/en/QA_procedure:Wireshark
with some remarks:
made sure user is member of wireshark group.
$ wireshark -n wiresharktest
file not found
I can run wireshark, but there is no way I can save its results in a file without extension in its name.
Consulted help and submitted:
$ wireshark -n -i wlp9s0 -w wiresharktest
that gave me the file to proceed
$ tshark -nr wiresharktest
dumped the whole file on stdout
$ editcap -r wiresharktest wiresharktest50 1-50
made the smaller file OK
$ mergecap -v -w wiresharkmerged wiresharktest wiresharktest50
mergecap: wiresharktest is type Wireshark/... - pcapng.
mergecap: wiresharktest50 is type Wireshark/... - pcapng.
mergecap: selected frame_type Ethernet (ether)
mergecap: ready to merge records
Record: 1
Record: 2
etc....
$ randpkt -b 500 -t dns wireshark_dns.pcap
created the file OK
$ wireshark wireshark_dns.pcap
displayed the file OK
$ dftest ip
bash: dftest: opdracht niet gevonden (command not found)
I just skipped that one. (urpmf does not find such file in /usr/bin)
$ capinfos wiresharktest50
File name:           wiresharktest50
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  nanoseconds (9)
Packet size limit:   file hdr: (not set)
and more .....
To me it is OK, but if the missing dftest is a real issue, then please remove the OK.
I would like someone else to confirm that the wiki needs some update on its first command.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene

Thomas Backlund 2019-09-15 15:20:39 CEST

Keywords: (none) => advisory, validated_update
CC: (none) => tmb, sysadmin-bugs

Comment 2 Mageia Robot 2019-09-15 16:46:45 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0282.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
