Fedora has issued an advisory today (September 11):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF/
Mageia 8 and 9 are also affected.
Whiteboard: (none) => MGA9TOO, MGA8TOO
CC: (none) => nicolas.salguero
Source RPM: (none) => wireshark-4.0.7-1.mga9.src.rpm
New version 4.0.8. Includes fixes for CVE-2023-2906, CVE-2023-4511, CVE-2023-4512, CVE-2023-4513. Hesitate to assign this to DavidW, so doing so globally.
Status comment: (none) => Fixed in 4.0.8
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 are susceptible to a divide by zero allowing for a denial of service attack. (CVE-2023-2906)

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file. (CVE-2023-4511)

CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file. (CVE-2023-4512)

BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file. (CVE-2023-4513)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4513
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF/
========================

Updated packages in 9/core/updates_testing:
========================
dumpcap-4.0.8-1.mga9
lib(64)wireshark16-4.0.8-1.mga9
lib(64)wireshark-devel-4.0.8-1.mga9
lib(64)wiretap13-4.0.8-1.mga9
lib(64)wsutil14-4.0.8-1.mga9
rawshark-4.0.8-1.mga9
tshark-4.0.8-1.mga9
wireshark-4.0.8-1.mga9
wireshark-tools-4.0.8-1.mga9

from SRPM:
wireshark-4.0.8-1.mga9.src.rpm
Assignee: pkg-bugs => nicolas.salguero
Status comment: Fixed in 4.0.8 => (none)
Whiteboard: MGA9TOO, MGA8TOO => MGA8TOO
Version: Cauldron => 9
Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
Tried to replace mga9 by mga8 in the list of comment 2, but not found in repos.
CC: (none) => herman.viaene
Nicolas, the updates should have been built for both m8 and m9 before assigning this to qa.
CC: (none) => davidwhodgins
Assignee: qa-bugs => nicolas.salguero
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 are susceptible to a divide by zero allowing for a denial of service attack. (CVE-2023-2906)

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file. (CVE-2023-4511)

CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file. (CVE-2023-4512)

BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file. (CVE-2023-4513)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4513
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF/
========================

Updated packages in 9/core/updates_testing:
========================
dumpcap-4.0.8-1.mga9
lib(64)wireshark16-4.0.8-1.mga9
lib(64)wireshark-devel-4.0.8-1.mga9
lib(64)wiretap13-4.0.8-1.mga9
lib(64)wsutil14-4.0.8-1.mga9
rawshark-4.0.8-1.mga9
tshark-4.0.8-1.mga9
wireshark-4.0.8-1.mga9
wireshark-tools-4.0.8-1.mga9

from SRPM:
wireshark-4.0.8-1.mga9.src.rpm

Updated packages in 8/core/updates_testing:
dumpcap-3.4.16-1.1.mga8
lib(64)wireshark14-3.4.16-1.1.mga8
lib(64)wireshark-devel-3.4.16-1.1.mga8
lib(64)wiretap11-3.4.16-1.1.mga8
lib(64)wsutil12-3.4.16-1.1.mga8
rawshark-3.4.16-1.1.mga8
tshark-3.4.16-1.1.mga8
wireshark-3.4.16-1.1.mga8
wireshark-tools-3.4.16-1.1.mga8

from SRPM:
wireshark-3.4.16-1.1.mga8.src.rpm
Assignee: nicolas.salguero => qa-bugs
CC: (none) => mageia
MGA8-64 Xfce on Acer Aspire 5253
No installation issues.
Ref bug 30832 Comment 1 for testing

$ wireshark -n -w wiresharktest.pcapng

$ tshark -nr wiresharktest.pcapng | more
1 0.000000000 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff HomePlug AV 60 Qualcomm Atheros, GET_SW.REQ (Get Device/SW Version Request)
2 0.001079448 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff 0x8912 60 Ethernet II
3 1.925579091 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff HomePlug AV 60 Qualcomm Atheros, GET_SW.REQ (Get Device/SW Version Request)
4 1.926419575 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff 0x8912 60 Ethernet II
5 3.993872992 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff HomePlug AV 60 Qualcomm Atheros, GET_SW.REQ (Get Device/SW Version Request)
6 3.994878354 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff 0x8912 60 Ethernet II
7 5.939209953 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff HomePlug AV 60 Qualcomm Atheros, GET_SW.REQ (Get Device/SW Version Request)
8 5.940276881 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff 0x8912 60 Ethernet II
9 7.987249919 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff HomePlug AV 60 Qualcomm Atheros, GET_SW.REQ (Get Device/SW Version Request)
10 7.988341512 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff 0x8912 60 Ethernet II
11 8.494307386 192.168.2.7 → 192.168.2.1 TCP 66 1020 → 2049 [ACK] Seq=1 Ack=1 Win=501 Len=0 TSval=752945252 TSecr=1836267317
12 8.496969479 192.168.2.1 → 192.168.2.7 TCP 66 [TCP ACKed unseen segment] 2049 → 1020 [ACK] Seq=1 Ack=2 Win=501 Len=0 TSval=1836297397 TSecr=752915174
etc......

$ editcap -r wiresharktest.pcapng wiresharktest50 1-50
file created, looks OK in wireshark

$ mergecap -v -w wiresharkmerged wiresharktest.pcapng wiresharktest50
starts merging till at the end:
Record: 7708
mergecap: merging complete

$ randpkt -b 500 -t dns wireshark_dns.pcap
file created, looks sensible in wireshark

$ capinfos wiresharktest50
File name: wiresharktest50
File type: Wireshark/... - pcapng
File encapsulation: Ethernet
File timestamp precision: nanoseconds (9)
Packet size limit: file hdr: (not set)
Number of packets: 50
File size: 5,272 bytes
Data size: 3,421 bytes
Capture duration: 30.083222253 seconds
First packet time: 2023-09-25 15:16:20.928951991
Last packet time: 2023-09-25 15:16:51.012174244
Data byte rate: 113 bytes/s
Data bit rate: 909 bits/s
Average packet size: 68.42 bytes
Average packet rate: 1 packets/s
SHA256: 41a98d9f93e4ccf264129412de1a9e177af7e43882077168712926cba4afaa11
RIPEMD160: 905e1ad78a54d8936f9cb447c35ade09b5e5a20d
SHA1: bf2a668e20c42a36f5fc24e511af06581e3c5d12
Strict time order: True
Capture hardware: AMD C-50 Processor
Capture oper-sys: Linux 5.15.126-server-1.mga8
Capture application: Dumpcap (Wireshark) 3.4.16 (Git commit 428db086d791)
Number of interfaces in file: 1
Interface #0 info:
Name = wlp7s0
Encapsulation = Ethernet (1 - ether)
Capture length = 262144
Time precision = nanoseconds (9)
Time ticks per second = 1000000000
Time resolution = 0x09
Operating system = Linux 5.15.126-server-1.mga8
Number of stat entries = 0
Number of packets = 50
is OK

All feedback and files created look OK.
Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OK
MGA9-64 Xfce on Acer Aspire 5253
No installation issues.
Ref bug 30832 Comment 1 for testing

$ wireshark -n -w wiresharktest.pcapng
** (wireshark:31862) 16:49:38.385350 [Capture MESSAGE] -- Capture Start ...
** (wireshark:31862) 16:49:38.615729 [Capture MESSAGE] -- Capture started
** (wireshark:31862) 16:49:38.615896 [Capture MESSAGE] -- File: "wiresharktest.pcapng"
** (wireshark:31862) 17:09:47.265330 [Capture MESSAGE] -- Capture Stop ...
** (wireshark:31862) 17:09:47.590457 [Capture MESSAGE] -- Capture stopped.

$ tshark -nr wiresharktest.pcapng | more
1 0.000000000 192.168.2.15 → 255.255.255.255 UDP 58 53805 → 53805 Len=16
2 0.000105762 fe80::3631:c4ff:fe80:a9b4 → ff02::1 UDP 78 53805 → 53805 Len=16
3 0.102401496 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff HomePlug AV 60 Qualcomm Atheros, GET_SW.REQ (Get Device/SW Version Request)
4 0.103516640 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff 0x8912 60 Ethernet II
5 2.048041409 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff HomePlug AV 60 Qualcomm Atheros, GET_SW.REQ (Get Device/SW Version Request)
6 2.049025130 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff 0x8912 60 Ethernet II
7 3.349760637 90:00:4e:73:13:b3 → 3c:7c:3f:d5:d0:af ARP 42 Who has 192.168.2.1? Tell 192.168.2.7
8 3.352255137 3c:7c:3f:d5:d0:af → 90:00:4e:73:13:b3 ARP 60 192.168.2.1 is at 3c:7c:3f:d5:d0:af
9 4.096098414 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff HomePlug AV 60 Qualcomm Atheros, GET_SW.REQ (Get Device/SW Version Request)
10 4.097141453 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff 0x8912 60 Ethernet II
11 6.144072232 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff HomePlug AV 60 Qualcomm Atheros, GET_SW.REQ (Get Device/SW Version Request)
12 6.145117972 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff 0x8912 60 Ethernet II
13 8.089753041 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff HomePlug AV 60 Qualcomm Atheros, GET_SW.REQ (Get Device/SW Version Request)
14 8.090793420 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff 0x8912 60 Ethernet II
15 10.137911474 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff HomePlug AV 60 Qualcomm Atheros, GET_SW.REQ (Get Device/SW Version Request)
16 10.138883151 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff 0x8912 60 Ethernet II
17 10.546752482 192.168.2.7 → 192.168.2.1 NFS 250 V4 Call GETATTR FH: 0xd8e8bbfc
18 10.549321892 192.168.2.1 → 192.168.2.7 NFS 310 V4 Reply (Call In 17) GETATTR
19 10.549453693 192.168.2.7 → 192.168.2.1 TCP 66 828 → 2049 [ACK] Seq=185 Ack=245 Win=561 Len=0 TSval=1231669134 TSecr=1841897184
20 10.554577291 192.168.2.7 → 192.168.2.1 NFS 250 V4 Call GETATTR FH: 0xd8e8bbfc
21 10.556561354 192.168.2.1 → 192.168.2.7 NFS 310 V4 Reply (Call In 20) GETATTR
etc......

$ editcap -r wiresharktest.pcapng wiresharktest50 1-50
file displays OK in wireshark

$ mergecap -v -w wiresharkmerged wiresharktest.pcapng wiresharktest50
Mergecap (Wireshark) 4.0.8 (Git commit 81696bb74857).
Copyright 1998-2023 Gerald Combs <gerald@wireshark.org> and contributors.
Licensed under the terms of the GNU General Public License (version 2 or later).
This is free software; see the file named COPYING in the distribution. There is NO WARRANTY; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) using GCC 12.3.0, with GLib 2.76.3, with PCRE2, with zlib 1.2.13, with binary plugins.
Running on Linux 6.4.9-server-4.mga9, with AMD C-50 Processor, with 3641 MB of physical memory, with GLib 2.76.3, with PCRE2 10.42 2022-12-11, with zlib 1.2.13, with LC_TYPE=C, binary plugins supported.

No merging, no file created
syntax has changed, has to be

$ mergecap -V -w wiresharkmerged wiresharktest.pcapng wiresharktest50
merging runs till
Record: 836506
mergecap: merging complete
file is same size as the original one: OK

$ randpkt -b 500 -t dns wireshark_dns.pcap
file created, looks sensible in wireshark

$ capinfos wiresharktest50
File name: wiresharktest50
File type: Wireshark/... - pcapng
File encapsulation: Ethernet
File timestamp precision: nanoseconds (9)
Packet size limit: file hdr: (not set)
Number of packets: 50
File size: 12 kB
Data size: 10 kB
Capture duration: 10.704521355 seconds
First packet time: 2023-09-25 16:49:38.663687709
Last packet time: 2023-09-25 16:49:49.368209064
Data byte rate: 944 bytes/s
Data bit rate: 7,552 bits/s
Average packet size: 202.12 bytes
Average packet rate: 4 packets/s
SHA256: 466414958157f90cf8c0f5929563a8078c94fb443944e407e7e5184930a9b458
RIPEMD160: 1360119893a4ea1a1701b18963ea2ad9754203c0
SHA1: 43e44006b74da7031c4fa3351a1163cf92af43ad
Strict time order: True
Capture hardware: AMD C-50 Processor
Capture oper-sys: Linux 6.4.9-server-4.mga9
Capture application: Dumpcap (Wireshark) 4.0.8 (Git commit 81696bb74857)
Number of interfaces in file: 1
Interface #0 info:
Name = wlp7s0
Encapsulation = Ethernet (1 - ether)
Capture length = 262144
Time precision = nanoseconds (9)
Time ticks per second = 1000000000
Time resolution = 0x09
Operating system = Linux 6.4.9-server-4.mga9
Number of stat entries = 0
Number of packets = 50

As good as the M8 update, setting OK.
Whiteboard: MGA8TOO MGA8-64-OK => MGA8TOO MGA8-64-OK MGA9-64-OK
Validating. Advisory in comment 5.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => marja11
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2023-0275.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED