Upstream has released new versions on June 2:
https://www.wireshark.org/news/20210602.html

Updated package uploaded for Mageia 8.

Advisory:
========================

Updated wireshark packages fix security vulnerability:

The DVB-S2-BB dissector could go into an infinite loop.

References:
https://www.wireshark.org/security/wnpa-sec-2021-05
https://www.wireshark.org/docs/relnotes/wireshark-3.4.6.html
https://www.wireshark.org/news/20210602.html
========================

Updated packages in core/updates_testing:
========================
wireshark-3.4.6-1.mga8
libwireshark-devel-3.4.6-1.mga8
wireshark-tools-3.4.6-1.mga8
libwiretap11-3.4.6-1.mga8
tshark-3.4.6-1.mga8
dumpcap-3.4.6-1.mga8
rawshark-3.4.6-1.mga8
libwsutil12-3.4.6-1.mga8
libwireshark14-3.4.6-1.mga8

from wireshark-3.4.6-1.mga8.src.rpm
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Wireshark
Keywords: (none) => has_procedure
MGA8-64 Plasma on Lenovo B50
No installation issues.
Made user member of the wireshark group, logged out and in again.

There are all sorts of little annoying things when testing. As already mentioned in bug 26649, the wiki is sort of outdated, I guess.
Starting from a blank installation, made a new folder wiresh under my Documents.
At CLI
$ cd Documents/wiresh
as in the wiki
$ wireshark -n wiresharktest
The window appears and throws an error that the file does not exist. Exit, make an empty text file of that name and give the command again.
Window opens, no complaints, but there is no interface selected, and the menu "Refresh interfaces" does not bring any interface forward.
So back to the command I used in bug 26649.
wireshark -n -i wlp9s0 -w wiresharktest
Now I can capture packets, but I cannot save the file as I called it: the menu "Save" is not available and "Save as" does not allow me to pick the file, it has to be wiresharktest.pcapng. This is different behavior from this earlier version.
So going on with the new file
$ tshark -nr wiresharktest.pcapng | more
1 0.000000000 192.168.2.15 → 224.0.0.1 IGMPv3 50 Membership Query, general
2 1.139987728 192.168.2.5 → 192.168.2.1 DNS 81 Standard query 0x92d2 A i.creativecommons.org
3 1.140043703 192.168.2.5 → 192.168.2.1 DNS 81 Standard query 0x6cdb AAAA i.creativecommons.org
4 1.140122600 192.168.2.5 → 192.168.2.1 DNS 75 Standard query 0x1f28 A wiki.mageia.org
5 1.140172972 192.168.2.5 → 192.168.2.1 DNS 75 Standard query 0xab30 AAAA wiki.mageia.org
6 1.140184052 192.168.2.5 → 192.168.2.1 DNS 74 Standard query 0x86bd A nav.mageia.org
7 1.140215189 192.168.2.5 → 192.168.2.1 DNS 74 Standard query 0x69b2 AAAA nav.mageia.org
8 1.142052702 192.168.2.5 → 192.168.2.1 DNS 75 Standard query 0xbc22 A wiki.mageia.org
9 1.145957906 192.168.2.1 → 192.168.2.5 DNS 234 Standard query response 0x86bd A nav.mageia.org CNAME sucuk.mageia.org A 212.85.158.151 NS ns0.mageia.org NS ns1.mageia.org A 163.172.148.228 A 212.85.158.151 AAAA 2001:bc8:4400:2800::4115 AAAA 2a02:2178:2:7::7
etc ......

$ editcap -r wiresharktest.pcapng wiresharktest50 1-50
generated the smaller file OK.

$ mergecap -v -w wiresharkmerged wiresharktest.pcapng wiresharktest50
mergecap: wiresharktest.pcapng is type Wireshark/... - pcapng.
mergecap: wiresharktest50 is type Wireshark/... - pcapng.
mergecap: selected frame_type Ethernet (ether)
mergecap: ready to merge records
Record: 1
Record: 2
etc... till
Record: 468
mergecap: merging complete

$ randpkt -b 500 -t dns wireshark_dns.pcap
created the file OK

$ wireshark wireshark_dns.pcap
displayed the file OK

$ capinfos wiresharktest50
File name: wiresharktest50
File type: Wireshark/... - pcapng
File encapsulation: Ethernet
File timestamp precision: nanoseconds (9)
Packet size limit: file hdr: (not set)
Number of packets: 50
File size: 14kB
etc....

The dftest command from the wiki doesn't seem to exist anymore.

So apart from the minor hassles, OK
CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
One side remark: removing the wireshark package with MCC does not remove the wireshark group that came with the installation. If you want to keep a clean system, you have to remove it yourself.
Validating. Advisory in Comment 0.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Updated advisory with CVE

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22222

Ubuntu issued an advisory on this on June 7th 2021:
https://ubuntu.com/security/CVE-2021-22222
Keywords: (none) => advisory
Summary: wireshark new release 3.4.6 fixes security issue => wireshark new release 3.4.6 fixes security issue (CVE-2021-22222)
CC: (none) => ouaurelien
CVE: (none) => CVE-2021-22222
(In reply to Aurelien Oudelet from comment #5)
> Updated advisory with CVE
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22222
>
> Ubuntu issued an advisory on this on June 7th 2021:
> https://ubuntu.com/security/CVE-2021-22222

That's not an advisory, just a CVE information page. Glad you found the CVE. How did you find it?
(In reply to David Walser from comment #6)
> (In reply to Aurelien Oudelet from comment #5)
> > Updated advisory with CVE
> >
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22222
> >
> > Ubuntu issued an advisory on this on June 7th 2021:
> > https://ubuntu.com/security/CVE-2021-22222
>
> That's not an advisory, just a CVE information page. Glad you found the
> CVE. How did you find it?

I searched online for this sentence:
"The DVB-S2-BB dissector could go into an infinite loop"
which returns links to the Ubuntu CVE information page and the CVE mitre site. ;)

Also, thanks for spellchecking my comment ;)
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0279.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED