Upstream has released new versions on September 23: https://www.wireshark.org/news/20200923.html Updated package uploaded for Mageia 7. Advisory: ======================== Updated wireshark packages fix security vulnerabilities: The TCP dissector could crash (CVE-2020-25862). The MIME Multipart dissector could crash (CVE-2020-25863). The BLIP dissector could crash (CVE-2020-25866). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25862 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25863 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25866 https://www.wireshark.org/security/wnpa-sec-2020-11 https://www.wireshark.org/security/wnpa-sec-2020-12 https://www.wireshark.org/security/wnpa-sec-2020-13 https://www.wireshark.org/docs/relnotes/wireshark-3.0.14.html https://www.wireshark.org/news/20200923.html ======================== Updated packages in core/updates_testing: ======================== wireshark-3.0.14-1.mga7 libwireshark12-3.0.14-1.mga7 libwiretap9-3.0.14-1.mga7 libwscodecs2-3.0.14-1.mga7 libwsutil11-3.0.14-1.mga7 libwireshark-devel-3.0.14-1.mga7 wireshark-tools-3.0.14-1.mga7 tshark-3.0.14-1.mga7 rawshark-3.0.14-1.mga7 dumpcap-3.0.14-1.mga7 from wireshark-3.0.14-1.mga7.src.rpm
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Wireshark
Keywords: (none) => has_procedure
mga7, x86_64 Added user to wireshark group. Installed all components before updating and used wireshark to create a pcap file. Cannot remember the details - managed by accident without understanding the grammar. Updated the packages but found that libwsutil11-3.0.14-1.mga7 is actually named libwsutil10-3.0.14-1.mga7 ; 10 not 11. ?? Starting the QA procedure found it impossible to specify a filter for creating a capture file and gave up - syntax errors at every step. Carried on with the procedure. The analysis of the original woresharktest.pcap showed local network traffic OK. Recognized the addresses of the NAS drive and host machine and the networked fileserver in the listing, mainly for TCP ACKs and Application Data under TLSv1.2 and an announcement regarding the wifi printer, presumably a poll of some kind. $ editcap -r wiresharktest.pcap wiresharktest50 1-50 Generated 50 line extract. $ mergecap -v -w wiresharkmerged wiresharktest.pcap wiresharktest50 [...] Record: 1778 Record: 1779 mergecap: merging complete $ ll wire* -rw-r--r-- 1 lcl lcl 1321196 Oct 13 11:10 wiresharkmerged -rw-r--r-- 1 lcl lcl 5540 Oct 13 11:07 wiresharktest50 -rw-r--r-- 1 lcl lcl 1284843 Oct 13 10:09 wiresharktest.pcap $ randpkt -b 500 -t dns wireshark_dns.pcap $ ll wire*dns* -rw-r--r-- 1 lcl lcl 291411 Oct 13 11:15 wireshark_dns.pcap $ wireshark wireshark_dns.pcap This shows a lot of DNS transactions with Malformed Packet and Unknown Operation response - to be expected. dftest does not appear to be fully installed. There are man and HTML documents dated today but no command. $ capinfos wiresharktest50 File name: wiresharktest50 File type: Wireshark/... - pcapng File encapsulation: Ethernet File timestamp precision: microseconds (6) Packet size limit: file hdr: (not set) [...] Interface #0 info: Encapsulation = Ethernet (1 - ether) Capture length = 262144 Time precision = microseconds (6) Time ticks per second = 1000000 Number of stat entries = 0 Number of packets = 50 These general tests look OK but leaving this open for comments.
CC: (none) => tarazed25
Following on from comment 2: The absence of dftest rings distant bells so maybe this should be passed on.
Whiteboard: (none) => MGA7-64-OK
The missing dftest command is not a regression. urpmf dftest shows ... wireshark:/usr/share/wireshark/dftest.html wireshark-tools:/usr/share/doc/wireshark/dftest.html wireshark-tools:/usr/share/man/man1/dftest.1.xz for all versions of wireshark since Mageia 7 started. Validating the update.
CC: (none) => davidwhodgins, sysadmin-bugsKeywords: (none) => validated_update
Advisory done
Keywords: (none) => advisoryCC: (none) => ouaurelien
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0384.html
Status: NEW => RESOLVEDResolution: (none) => FIXED