Bug 29088 - wireshark new release 3.4.6 fixes security issue (CVE-2021-22222)
Summary: wireshark new release 3.4.6 fixes security issue (CVE-2021-22222)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA8-64-OK
Keywords: advisory, has_procedure, validated_update
Reported: 2021-06-06 20:29 CEST by David Walser
Modified: 2021-06-23 19:14 CEST
Source RPM: wireshark-3.4.5-1.mga8.src.rpm
CVE: CVE-2021-22222

Description David Walser 2021-06-06 20:29:36 CEST
Upstream has released new versions on June 2:
https://www.wireshark.org/news/20210602.html

Updated package uploaded for Mageia 8.

Advisory:
========================

Updated wireshark packages fix security vulnerability:

The DVB-S2-BB dissector could go into an infinite loop.

References:
https://www.wireshark.org/security/wnpa-sec-2021-05
https://www.wireshark.org/docs/relnotes/wireshark-3.4.6.html
https://www.wireshark.org/news/20210602.html
========================

Updated packages in core/updates_testing:
========================
wireshark-3.4.6-1.mga8
libwireshark-devel-3.4.6-1.mga8
wireshark-tools-3.4.6-1.mga8
libwiretap11-3.4.6-1.mga8
tshark-3.4.6-1.mga8
dumpcap-3.4.6-1.mga8
rawshark-3.4.6-1.mga8
libwsutil12-3.4.6-1.mga8
libwireshark14-3.4.6-1.mga8

from wireshark-3.4.6-1.mga8.src.rpm
Comment 1 David Walser 2021-06-06 20:29:49 CEST
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Keywords: (none) => has_procedure

Comment 2 Herman Viaene 2021-06-21 16:13:46 CEST
MGA8-64 Plasma on Lenovo B50
No installation issues.
Made user member of the wireshark group, logged out and in again.
There are all sorts of little annoying things when testing.
As already mentioned in bug 26649, the wiki is sort of outdated, I guess.
Starting from a blank installation, made a new folder wiresh under my Documents.
At CLI
$ cd Documents/wiresh
as in the wiki
$ wireshark -n wiresharktest
The window appears and throws an error that the file does not exist. Exit, make an empty text file of that name and give the command again.
Window opens, no complaints, but there is no interface selected, and the menu "Refresh interfaces" does not bring any interface forward.
So back to the command I used in bug 26649.
wireshark -n -i wlp9s0 -w wiresharktest
Now I can capture packets, but I cannot save the file as I called it; the menu "Save" is not available and "Save as" does not allow me to pick the file, it has to be wiresharktest.pcapng. This is different behavior from this earlier version.
So going on with the new file
$ tshark -nr wiresharktest.pcapng | more
    1 0.000000000 192.168.2.15 → 224.0.0.1    IGMPv3 50 Membership Query, general
    2 1.139987728  192.168.2.5 → 192.168.2.1  DNS 81 Standard query 0x92d2 A i.creativecommons.org
    3 1.140043703  192.168.2.5 → 192.168.2.1  DNS 81 Standard query 0x6cdb AAAA i.creativecommons.org
    4 1.140122600  192.168.2.5 → 192.168.2.1  DNS 75 Standard query 0x1f28 A wiki.mageia.org
    5 1.140172972  192.168.2.5 → 192.168.2.1  DNS 75 Standard query 0xab30 AAAA wiki.mageia.org
    6 1.140184052  192.168.2.5 → 192.168.2.1  DNS 74 Standard query 0x86bd A nav.mageia.org
    7 1.140215189  192.168.2.5 → 192.168.2.1  DNS 74 Standard query 0x69b2 AAAA nav.mageia.org
    8 1.142052702  192.168.2.5 → 192.168.2.1  DNS 75 Standard query 0xbc22 A wiki.mageia.org
    9 1.145957906  192.168.2.1 → 192.168.2.5  DNS 234 Standard query response 0x86bd A nav.mageia.org CNAME sucuk.mageia.org A 212.85.158.151 NS ns0.mageia.org NS ns1.mageia.org A 163.172.148.228 A 212.85.158.151 AAAA 2001:bc8:4400:2800::4115 AAAA 2a02:2178:2:7::7
etc ......
$ editcap -r wiresharktest.pcapng wiresharktest50 1-50
generated the smaller file OK.
$ mergecap -v -w wiresharkmerged wiresharktest.pcapng wiresharktest50 
mergecap: wiresharktest.pcapng is type Wireshark/... - pcapng.
mergecap: wiresharktest50 is type Wireshark/... - pcapng.
mergecap: selected frame_type Ethernet (ether)
mergecap: ready to merge records
Record: 1
Record: 2
etc... till
Record: 468
mergecap: merging complete

$ randpkt -b 500 -t dns wireshark_dns.pcap
created the file OK

$ wireshark wireshark_dns.pcap
displayed the file OK

$ capinfos wiresharktest50
File name:           wiresharktest50
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  nanoseconds (9)
Packet size limit:   file hdr: (not set)
Number of packets:   50
File size:           14kB
etc....
The dftest command from the wiki doesn't seem to exist anymore.

So apart from the minor hassles, OK

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
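
The command-line steps from comment 2, collected into a repeatable offline check (an added example, not part of the bug report or the Mageia QA wiki procedure). The scratch file names, the helper function names and the 60-second bound on the tshark read are assumptions of this example; the tool invocations follow the ones shown in the comment.

```shell
#!/bin/sh
# Added example (not from the bug report): offline smoke test for the Wireshark
# command-line tools after a package update. File names here are constructed.

# Print the packet count from a capinfos report read on stdin (digits only).
packet_count() {
    sed -n 's/^Number of packets:[[:space:]]*//p' | tr -cd '0-9\n' | head -n 1
}

# Print the name of each required tool that is not on PATH.
missing_tools() {
    for t in randpkt editcap mergecap capinfos tshark timeout; do
        command -v "$t" >/dev/null 2>&1 || printf '%s\n' "$t"
    done
}

# Count packets in a capture; -M makes capinfos print raw, unrounded numbers.
count_file() { capinfos -M -c "$1" 2>/dev/null | packet_count; }

# Generate, slice, merge and re-read a capture in the current directory.
run_steps() {
    randpkt -b 500 -t dns gen.pcap >/dev/null 2>&1 || { echo "FAIL: randpkt"; return 1; }
    total=$(count_file gen.pcap)
    [ -n "$total" ] || { echo "FAIL: capinfos gave no packet count"; return 1; }
    editcap -r gen.pcap first50.pcap 1-50 >/dev/null 2>&1 || { echo "FAIL: editcap"; return 1; }
    [ "$(count_file first50.pcap)" = 50 ] || { echo "FAIL: slice is not 50 packets"; return 1; }
    mergecap -w merged.pcap gen.pcap first50.pcap >/dev/null 2>&1 || { echo "FAIL: mergecap"; return 1; }
    [ "$(count_file merged.pcap)" = "$((total + 50))" ] || { echo "FAIL: merged count"; return 1; }
    # Bound the read so a dissector that never returns fails the test instead of hanging it.
    timeout 60 tshark -nr merged.pcap >/dev/null 2>&1 || { echo "FAIL: tshark read"; return 1; }
    echo "OK: $total generated, 50 sliced, $((total + 50)) merged and dissected"
}

# Run the steps in a scratch directory and remove it afterwards.
smoke_test() {
    dir=$(mktemp -d) || return 2
    ( cd "$dir" && run_steps ); rc=$?
    rm -rf "$dir"
    return "$rc"
}

missing=$(missing_tools | tr '\n' ' ')
if [ -n "$missing" ]; then echo "SKIP: not installed: $missing"
elif smoke_test; then echo "smoke test passed"
else echo "smoke test failed"; fi
```

The generated DNS packets only exercise the tools end to end; they do not reach the DVB-S2-BB dissector named in the advisory.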

Comment 3 Herman Viaene 2021-06-21 16:20:18 CEST
One side remark: removing the wireshark package with MCC does not remove the wireshark group that came with the installation. If you want to keep a clean system, you have to remove it yourself.
Comment 4 Thomas Andrews 2021-06-22 18:16:46 CEST
Validating. Advisory in Comment 0.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 5 Aurelien Oudelet 2021-06-22 21:51:57 CEST
Updated advisory with CVE

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22222

Ubuntu issued an advisory on this on June 7th 2021:
https://ubuntu.com/security/CVE-2021-22222

Keywords: (none) => advisory
Summary: wireshark new release 3.4.6 fixes security issue => wireshark new release 3.4.6 fixes security issue (CVE-2021-22222)
CC: (none) => ouaurelien
CVE: (none) => CVE-2021-22222

Comment 6 David Walser 2021-06-23 02:20:55 CEST
(In reply to Aurelien Oudelet from comment #5)
> Updated advisory with CVE
> 
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22222
> 
> Ubuntu issued an advisory on this on June 7th 2021:
> https://ubuntu.com/security/CVE-2021-22222

That's not an advisory, just a CVE information page.  Glad you found the CVE.  How did you find it?
Comment 7 Aurelien Oudelet 2021-06-23 05:41:37 CEST
(In reply to David Walser from comment #6)
> (In reply to Aurelien Oudelet from comment #5)
> > Updated advisory with CVE
> > 
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22222
> > 
> > Ubuntu issued an advisory on this on June 7th 2021:
> > https://ubuntu.com/security/CVE-2021-22222
> 
> That's not an advisory, just a CVE information page.  Glad you found the
> CVE.  How did you find it?

I searched online for this sentence: "The DVB-S2-BB dissector could go into an infinite loop", which returns links to the Ubuntu CVE information page and the CVE MITRE site. ;)

Also, thanks for spellchecking my comment ;)
Comment 8 Mageia Robot 2021-06-23 19:14:53 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0279.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
