Bug 29261 - wireshark new release 3.4.7 fixes security issue (CVE-2021-22235)
Summary: wireshark new release 3.4.7 fixes security issue (CVE-2021-22235)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, has_procedure, validated_update
Depends on:
Blocks:
 
Reported: 2021-07-15 16:00 CEST by David Walser
Modified: 2021-07-21 14:19 CEST (History)
4 users (show)

See Also:
Source RPM: wireshark-3.4.6-1.mga8.src.rpm
CVE: CVE-2021-22235
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-07-15 16:00:31 CEST 
Upstream has released new versions on July 14:
https://www.wireshark.org/news/20210714.html

Updated package uploaded for Mageia 8.

Advisory:
========================

Updated wireshark packages fix security vulnerability:

The DNP dissector could crash (CVE-2021-22235).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22235
https://www.wireshark.org/security/wnpa-sec-2021-06
https://www.wireshark.org/docs/relnotes/wireshark-3.4.7.html
https://www.wireshark.org/news/20210714.html
========================

Updated packages in core/updates_testing:
========================
wireshark-3.4.7-1.mga8
libwireshark-devel-3.4.7-1.mga8
wireshark-tools-3.4.7-1.mga8
libwiretap11-3.4.7-1.mga8
tshark-3.4.7-1.mga8
dumpcap-3.4.7-1.mga8
rawshark-3.4.7-1.mga8
libwsutil12-3.4.7-1.mga8
libwireshark14-3.4.7-1.mga8

from wireshark-3.4.7-1.mga8.src.rpm
Comment 1 David Walser 2021-07-15 16:00:42 CEST 
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Wireshark

Keywords: (none) => has_procedure

Comment 2 Herman Viaene 2021-07-20 16:18:26 CEST 
MGA8-64 Plasma on Lenovo B50
No installation issues
Followed my previous bug 29088 to avoid the niggles encountered there.
$ wireshark -n wiresharktest.pcapng 
File saved OK
[tester8@mach5 wiresh]$ tshark -nr wiresharktest.pcapng | more
    1 0.000000000 192.168.2.15 → 224.0.0.1    IGMPv3 50 Membership Query, general
    2 1.139987728  192.168.2.5 → 192.168.2.1  DNS 81 Standard query 0x92d2 A i.creativecommons.org
    3 1.140043703  192.168.2.5 → 192.168.2.1  DNS 81 Standard query 0x6cdb AAAA i.creativecommons.org
    4 1.140122600  192.168.2.5 → 192.168.2.1  DNS 75 Standard query 0x1f28 A wiki.mageia.org
    5 1.140172972  192.168.2.5 → 192.168.2.1  DNS 75 Standard query 0xab30 AAAA wiki.mageia.org
    6 1.140184052  192.168.2.5 → 192.168.2.1  DNS 74 Standard query 0x86bd A nav.mageia.org
    7 1.140215189  192.168.2.5 → 192.168.2.1  DNS 74 Standard query 0x69b2 AAAA nav.mageia.org
    8 1.142052702  192.168.2.5 → 192.168.2.1  DNS 75 Standard query 0xbc22 A wiki.mageia.org
    9 1.145957906  192.168.2.1 → 192.168.2.5  DNS 234 Standard query response 0x86bd A nav.mageia.org CNAME sucuk.mageia.org A 212.85.158.151 NS ns0.mageia.org NS ns1.mageia.org A 163.172.14
8.228 A 212.85.158.151 AAAA 2001:bc8:4400:2800::4115 AAAA 2a02:2178:2:7::7
etc .......
$ editcap -r wiresharktest.pcapng wiresharktest50 1-50
generated the smaller file OK.
$ mergecap -v -w wiresharkmerged wiresharktest.pcapng wiresharktest50 
mergecap: wiresharktest.pcapng is type Wireshark/... - pcapng.
mergecap: wiresharktest50 is type Wireshark/... - pcapng.
mergecap: selected frame_type Ethernet (ether)
mergecap: ready to merge records
Record: 1
Record: 2
Record: 3
and so on till
Record: 7015
mergecap: merging complete

$ randpkt -b 500 -t dns wireshark_dns.pcap
created the file OK

$ wireshark wireshark_dns.pcap
displayed the file OK

$ capinfos wiresharktest50
File name:           wiresharktest50
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  nanoseconds (9)
Packet size limit:   file hdr: (not set)
Number of packets:   50
File size:           5.408 bytes
Data size:           3.526 bytes
Capture duration:    21,004674879 seconds
First packet time:   2021-07-20 16:12:43,553152943
Last packet time:    2021-07-20 16:13:04,557827822
Data byte rate:      167 bytes/s
Data bit rate:       1.342 bits/s
Average packet size: 70,52 bytes
Average packet rate: 2 packets/s
SHA256:              6c2bcd7fc698c1c1eb478ae90d1125f9c5893c595fba684d374d1232b4852038
RIPEMD160:           ffe33d4454471614fa6fb8bef6913cab7002f3a5
SHA1:                8640cf203c98a1f28eab1dfc733f571132453b8a
Strict time order:   True
Capture hardware:    Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz (with SSE4.2)
Capture oper-sys:    Linux 5.10.48-desktop-1.mga8
Capture application: Dumpcap (Wireshark) 3.4.7 (Git commit e42cbf6a415f)
Number of interfaces in file: 1
Interface #0 info:
                     Name = wlp9s0
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = nanoseconds (9)
                     Time ticks per second = 1000000000
                     Time resolution = 0x09
                     Operating system = Linux 5.10.48-desktop-1.mga8
                     Number of stat entries = 0
                     Number of packets = 50

So all looks OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 3 Thomas Andrews 2021-07-20 18:40:40 CEST 
Validating. Advisory in Comment 0.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Aurelien Oudelet 2021-07-20 23:15:23 CEST

Keywords: (none) => advisory
CVE: (none) => CVE-2021-22235
CC: (none) => ouaurelien

Comment 4 Mageia Robot 2021-07-21 14:19:31 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0364.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.