Bug 27397 - wireshark new release 3.0.14 fixes security issues
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, has_procedure, validated_update
Depends on:
Blocks:
 
Reported: 2020-10-13 01:36 CEST by David Walser
Modified: 2020-10-16 17:46 CEST

See Also:
Source RPM: wireshark-3.0.13-1.mga7.src.rpm
CVE:
Status comment:



Description David Walser 2020-10-13 01:36:12 CEST
Upstream has released new versions on September 23:
https://www.wireshark.org/news/20200923.html

Updated package uploaded for Mageia 7.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The TCP dissector could crash (CVE-2020-25862).

The MIME Multipart dissector could crash (CVE-2020-25863).

The BLIP dissector could crash (CVE-2020-25866).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25866
https://www.wireshark.org/security/wnpa-sec-2020-11
https://www.wireshark.org/security/wnpa-sec-2020-12
https://www.wireshark.org/security/wnpa-sec-2020-13
https://www.wireshark.org/docs/relnotes/wireshark-3.0.14.html
https://www.wireshark.org/news/20200923.html
========================

Updated packages in core/updates_testing:
========================
wireshark-3.0.14-1.mga7
libwireshark12-3.0.14-1.mga7
libwiretap9-3.0.14-1.mga7
libwscodecs2-3.0.14-1.mga7
libwsutil11-3.0.14-1.mga7
libwireshark-devel-3.0.14-1.mga7
wireshark-tools-3.0.14-1.mga7
tshark-3.0.14-1.mga7
rawshark-3.0.14-1.mga7
dumpcap-3.0.14-1.mga7

from wireshark-3.0.14-1.mga7.src.rpm
Comment 1 David Walser 2020-10-13 01:36:26 CEST
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Keywords: (none) => has_procedure

Comment 2 Len Lawrence 2020-10-13 12:51:00 CEST
mga7, x86_64

Added user to wireshark group.

Installed all components before updating and used wireshark to create a pcap file.  Cannot remember the details - managed by accident without understanding the grammar.

Updated the packages but found that libwsutil11-3.0.14-1.mga7 is actually named libwsutil10-3.0.14-1.mga7; 10 not 11. ??

Starting the QA procedure, found it impossible to specify a filter for creating a capture file and gave up - syntax errors at every step.
Carried on with the procedure.
The analysis of the original wiresharktest.pcap showed local network traffic OK.  Recognized the addresses of the NAS drive and host machine and the networked fileserver in the listing, mainly for TCP ACKs and Application Data under TLSv1.2 and an announcement regarding the wifi printer, presumably a poll of some kind.

$ editcap -r wiresharktest.pcap wiresharktest50 1-50
Generated 50 line extract.

$ mergecap  -v -w wiresharkmerged wiresharktest.pcap wiresharktest50 
[...]
Record: 1778
Record: 1779
mergecap: merging complete
$ ll wire*
-rw-r--r-- 1 lcl lcl 1321196 Oct 13 11:10 wiresharkmerged
-rw-r--r-- 1 lcl lcl    5540 Oct 13 11:07 wiresharktest50
-rw-r--r-- 1 lcl lcl 1284843 Oct 13 10:09 wiresharktest.pcap

$ randpkt -b 500 -t dns wireshark_dns.pcap
$ ll wire*dns*
-rw-r--r-- 1 lcl lcl 291411 Oct 13 11:15 wireshark_dns.pcap
$ wireshark wireshark_dns.pcap
This shows a lot of DNS transactions with Malformed Packet and Unknown Operation response - to be expected.

dftest does not appear to be fully installed.  There are man and HTML documents dated today but no command.

$ capinfos wiresharktest50
File name:           wiresharktest50
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  microseconds (6)
Packet size limit:   file hdr: (not set)
[...]
Interface #0 info:
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = microseconds (6)
                     Time ticks per second = 1000000
                     Number of stat entries = 0
                     Number of packets = 50

These general tests look OK but leaving this open for comments.

CC: (none) => tarazed25
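
The package-name mismatch reported in Comment 2 (libwsutil11 in the advisory list, libwsutil10 after updating) can be caught by a scripted comparison of the advisory's package list against the installed set. This is an added example, not part of the bug report or the Mageia QA procedure; INSTALLED is constructed sample data (the stale rawshark and absent dumpcap entries are invented to show the other two verdicts), and nvr_name, stem and check_update are hypothetical helper names.

```shell
#!/bin/sh
# Added example: compare the advisory's package list with an installed list.
# EXPECTED is the list from the bug description. INSTALLED is constructed
# sample data; on a real system it would come from `rpm -qa`.
EXPECTED='wireshark-3.0.14-1.mga7 libwireshark12-3.0.14-1.mga7
libwiretap9-3.0.14-1.mga7 libwscodecs2-3.0.14-1.mga7
libwsutil11-3.0.14-1.mga7 libwireshark-devel-3.0.14-1.mga7
wireshark-tools-3.0.14-1.mga7 tshark-3.0.14-1.mga7
rawshark-3.0.14-1.mga7 dumpcap-3.0.14-1.mga7'

INSTALLED='wireshark-3.0.14-1.mga7 libwireshark12-3.0.14-1.mga7
libwiretap9-3.0.14-1.mga7 libwscodecs2-3.0.14-1.mga7
libwsutil10-3.0.14-1.mga7 libwireshark-devel-3.0.14-1.mga7
wireshark-tools-3.0.14-1.mga7 tshark-3.0.14-1.mga7
rawshark-3.0.13-1.mga7'

# Package name: drop the trailing "-version-release" fields.
nvr_name() { printf '%s\n' "$1" | sed 's/-[^-]*-[^-]*$//'; }

# Library stem: drop the trailing soname digits (libwsutil11 -> libwsutil).
stem() { printf '%s\n' "$1" | sed 's/[0-9]*$//'; }

# Print one line per expected package that is not installed exactly as listed.
check_update() {  # $1 = expected, $2 = installed (whitespace-separated)
    for want in $1; do
        wname=$(nvr_name "$want"); verdict="MISSING $want"
        for have in $2; do
            hname=$(nvr_name "$have")
            if [ "$have" = "$want" ]; then
                verdict=; break
            elif [ "$hname" = "$wname" ]; then
                verdict="STALE $want (installed: $have)"
            elif [ "$(stem "$hname")" = "$(stem "$wname")" ] &&
                 [ "${have#"$hname"}" = "${want#"$wname"}" ]; then
                verdict="RENAMED $want (installed as: $have)"
            fi
        done
        [ -z "$verdict" ] || printf '%s\n' "$verdict"
    done
}

check_update "$EXPECTED" "$INSTALLED"
```

A STALE verdict means a package is still at the pre-update version, so the fixed dissectors are not yet installed for that component.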

Comment 3 Len Lawrence 2020-10-14 17:36:28 CEST
Following on from comment 2:

The absence of dftest rings distant bells so maybe this should be passed on.

Whiteboard: (none) => MGA7-64-OK

Comment 4 Dave Hodgins 2020-10-14 21:42:01 CEST
The missing dftest command is not a regression.

urpmf dftest shows ...
wireshark:/usr/share/wireshark/dftest.html
wireshark-tools:/usr/share/doc/wireshark/dftest.html
wireshark-tools:/usr/share/man/man1/dftest.1.xz
for all versions of wireshark since Mageia 7 started.

Validating the update.

CC: (none) => davidwhodgins, sysadmin-bugs
Keywords: (none) => validated_update

Comment 5 Aurelien Oudelet 2020-10-15 15:37:03 CEST
Advisory done

Keywords: (none) => advisory
CC: (none) => ouaurelien

Comment 6 Mageia Robot 2020-10-16 17:46:27 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0384.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

