28687 – wireshark new release 3.4.4 fixes security issue

Bug 28687 - wireshark new release 3.4.4 fixes security issue

Summary: wireshark new release 3.4.4 fixes security issue

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2021-03-31 02:52 CEST by David Walser
Modified:	2021-04-12 22:02 CEST (History)
CC List:	5 users (show)

See Also:
Source RPM:	wireshark-3.4.3-1.mga8.src.rpm
CVE:	CVE-2021-22191
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-03-31 02:52:51 CEST

Upstream has released new versions on March 10:
https://www.wireshark.org/news/20210310.html

Mageia 8 needs to be upgraded to 3.4.4, which fixes a security issue:
https://www.wireshark.org/docs/relnotes/wireshark-3.4.4.html
https://www.wireshark.org/security/wnpa-sec-2021-03
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22191

Jani has updated it in Cauldron and hopefully won't mind packaging this update.

David Walser 2021-03-31 02:53:20 CEST

Assignee: bugsquad => jani.valimaa

Comment 1 Nicolas Lécureuil 2021-04-02 21:35:09 CEST

updated in mga8:

src:
    - wireshark-3.4.4-1.mga8

Assignee: jani.valimaa => qa-bugs
CC: (none) => mageia

Comment 2 David Walser 2021-04-04 17:40:53 CEST

Advisory:
========================

Updated wireshark packages fix security vulnerability:

Wireshark could open unsafe URLs (CVE-2021-22191).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22191
https://www.wireshark.org/security/wnpa-sec-2021-03
https://www.wireshark.org/docs/relnotes/wireshark-3.4.4.html
https://www.wireshark.org/news/20210310.html
========================

Updated packages in core/updates_testing:
========================
wireshark-3.4.4-1.mga8
libwireshark-devel-3.4.4-1.mga8
wireshark-tools-3.4.4-1.mga8
libwiretap11-3.4.4-1.mga8
tshark-3.4.4-1.mga8
dumpcap-3.4.4-1.mga8
rawshark-3.4.4-1.mga8
libwsutil12-3.4.4-1.mga8
libwireshark14-3.4.4-1.mga8

from wireshark-3.4.4-1.mga8.src.rpm

Comment 3 Brian Rockwell 2021-04-12 04:17:01 CEST

# uname -a
Linux localhost 5.10.27-desktop-1.mga8 #1 SMP Tue Mar 30 23:14:59 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux



The following 13 packages are going to be installed:

- dumpcap-3.4.4-1.mga8.x86_64
- lib64bcg729_0-1.1.1-1.mga8.x86_64
- lib64nl-route3_200-3.5.0-2.mga8.x86_64
- lib64qt5multimedia5-5.15.2-1.mga8.x86_64
- lib64smi2-0.5.0-4.mga8.x86_64
- lib64wireshark14-3.4.4-1.mga8.x86_64
- lib64wiretap11-3.4.4-1.mga8.x86_64
- lib64wsutil12-3.4.4-1.mga8.x86_64
- libsmi-mibs-std-0.5.0-4.mga8.x86_64
- rawshark-3.4.4-1.mga8.x86_64
- smi-tools-0.5.0-4.mga8.x86_64
- wireshark-3.4.4-1.mga8.x86_64
- wireshark-tools-3.4.4-1.mga8.x86_64

----

I ran some captures - working as designed.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => brtians1

Comment 4 Thomas Andrews 2021-04-12 15:27:19 CEST

Thank you, Brian. Validating. Advisory in Comment 2.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Aurelien Oudelet 2021-04-12 15:30:11 CEST

Keywords: (none) => advisory
CC: (none) => ouaurelien
CVE: (none) => CVE-2021-22191

Comment 5 Mageia Robot 2021-04-12 22:02:37 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0185.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.