Fedora has issued an advisory on February 10:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/

Those issues are fixed in version 4.0.12.

Mageia 9 is also affected.
CVE: (none) => CVE-2023-5371, CVE-2023-6174, CVE-2023-6175, CVE-2024-0208
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => wireshark-4.0.8-1.mga10.src.rpm
Status comment: (none) => Fixed upstream in 4.0.12
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

RTPS dissector memory leak. (CVE-2023-5371)

SSH dissector invalid read of memory blocks. (CVE-2023-6174)

NetScreen File Parsing Heap-based Buffer Overflow. (CVE-2023-6175)

GVCP dissector crash via packet injection or crafted capture file. (CVE-2024-0208)

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/
========================

Updated packages in core/updates_testing:
========================
dumpcap-4.0.12-1.mga9
lib(64)wireshark16-4.0.12-1.mga9
lib(64)wireshark-devel-4.0.12-1.mga9
lib(64)wiretap13-4.0.12-1.mga9
lib(64)wsutil14-4.0.12-1.mga9
rawshark-4.0.12-1.mga9
tshark-4.0.12-1.mga9
wireshark-4.0.12-1.mga9
wireshark-tools-4.0.12-1.mga9

from SRPM:
wireshark-4.0.12-1.mga9.src.rpm
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Assignee: bugsquad => qa-bugs
Source RPM: wireshark-4.0.8-1.mga10.src.rpm => wireshark-4.0.8-1.mga9.src.rpm
Status comment: Fixed upstream in 4.0.12 => (none)
Status: NEW => ASSIGNED
URL: (none) => https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/
CC: (none) => marja11
Keywords: (none) => advisory
CC: (none) => mageia
On it.
CC: (none) => tarazed25
MGA9-64 Plasma Wayland on HP Pavilion
No installation issues.
Tried to follow bug 32275, encountered some niggles.

$ wireshark -n -w wiresharktest.pcapng
** (wireshark:154239) 17:01:21.327996 [GUI WARNING] -- Could not find the Qt platform plugin "wayland" in ""
** (wireshark:154239) 17:11:55.596869 [Capture MESSAGE] -- Capture Start ...
** (wireshark:154239) 17:11:55.848105 [Capture MESSAGE] -- Error message from child: "Couldn't run /usr/bin/dumpcap in child process: Toegang geweigerd", ""
** (wireshark:154239) 17:12:04.155627 [Capture MESSAGE] -- Capture stopped.

Remember vaguely issues in the past with running as normal user, so abandoned and ran as root.

# wireshark -n -w wiresharktest.pcapng
** (wireshark:155092) 17:13:16.480985 [GUI WARNING] -- QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
** (wireshark:155092) 17:13:29.389793 [Capture MESSAGE] -- Capture Start ...
** (wireshark:155092) 17:13:29.506078 [Capture MESSAGE] -- Error message from child: "The file to which the capture would be saved ("wiresharktest.pcapng") could not be opened: Permission denied.", ""
** (wireshark:155092) 17:13:40.582905 [Capture MESSAGE] -- Capture stopped.
** (wireshark:155092) 17:15:44.538928 [Capture MESSAGE] -- Capture Start ...
** (wireshark:155092) 17:15:44.693024 [Capture MESSAGE] -- Capture started
** (wireshark:155092) 17:15:44.693192 [Capture MESSAGE] -- File: "/tmp/wireshark_wlp0s20u22GNOJ2.pcapng"
** (wireshark:155092) 17:16:32.394513 [Capture MESSAGE] -- Capture Stop ...
** (wireshark:155092) 17:16:32.505498 [Capture MESSAGE] -- Capture stopped.

Got a nice capture file, continuing as normal user:

$ tshark -nr wiresharktest.pcapng | more
1 0.000000000 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff HomePlug AV 60 Qualcomm Atheros, GET_SW.REQ (Get Device/SW Version Request)
2 0.001122982 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff 0x8912 60 Ethernet II
3 2.048091609 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff HomePlug AV 60 Qualcomm Atheros, GET_SW.REQ (Get Device/SW Version Request)
4 2.049048447 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff 0x8912 60 Ethernet II
5 3.993808464 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff HomePlug AV 60 Qualcomm Atheros, GET_SW.REQ (Get Device/SW Version Request)
6 3.994845205 34:31:c4:80:a9:b4 → ff:ff:ff:ff:ff:ff 0x8912 60 Ethernet II
etc ......
looks OK

$ editcap -r wiresharktest.pcapng wiresharktest50 1-50
resulting file looks OK in wireshark.

Now I'm pretty sure I copy/pasted the commands in my previous updates from the CLI, no retyping!!!!

$ mergecap -v -w wiresharkmerged wiresharktest.pcapng wiresharktest50
Mergecap (Wireshark) 4.0.12 (Git commit 5af2f2da9443).
Copyright 1998-2024 Gerald Combs <gerald@wireshark.org> and contributors.
Licensed under the terms of the GNU General Public License (version 2 or later).
This is free software; see the file named COPYING in the distribution. There
is NO WARRANTY; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) using GCC 12.3.0, with GLib 2.76.3, with PCRE2, with zlib 1.2.13, with binary plugins.

Running on Linux 6.6.14-server-2.mga9, with Intel(R) Pentium(R) CPU N3710 @ 1.60GHz (with SSE4.2), with 3770 MB of physical memory, with GLib 2.76.3, with PCRE2 10.42 2022-12-11, with zlib 1.2.13, with LC_TYPE=C, binary plugins supported.
OK

$ mergecap -V -w wiresharkmerged wiresharktest.pcapng wiresharktest50
mergecap: wiresharktest.pcapng is type Wireshark/... - pcapng.
mergecap: wiresharktest50 is type Wireshark/... - pcapng.
mergecap: selected frame_type Ethernet (ether)
mergecap: ready to merge records
Record: 1
Record: 2
Record: 3
Record: 4
etc.... til
Record: 521
Record: 522
mergecap: merging complete
looks OK now

$ randpkt -b 500 -t dns wireshark_dns.pcap
file created, looks sensible in wireshark

$ capinfos wiresharktest50
File name: wiresharktest50
File type: Wireshark/... - pcapng
File encapsulation: Ethernet
File timestamp precision: nanoseconds (9)
Packet size limit: file hdr: (not set)
Number of packets: 50
File size: 9.764 bytes
Data size: 7.871 bytes
Capture duration: 22,243684758 seconds
First packet time: 2024-02-19 17:15:46,183744680
Last packet time: 2024-02-19 17:16:08,427429438
Data byte rate: 353 bytes/s
Data bit rate: 2.830 bits/s
Average packet size: 157,42 bytes
Average packet rate: 2 packets/s
SHA256: 43a8151b4ad705b58d7f7e146b395f85e9e1d043976298003dcc386784b89c43
RIPEMD160: 96f805b51b91c2d12e1b3514d028c03967f8cadb
SHA1: 54a2246dae56caf9528a18fb2d40947d618ec12b
Strict time order: True
Capture hardware: Intel(R) Pentium(R) CPU N3710 @ 1.60GHz (with SSE4.2)
Capture oper-sys: Linux 6.6.14-server-2.mga9
Capture application: Dumpcap (Wireshark) 4.0.12 (Git commit 5af2f2da9443)
Number of interfaces in file: 1
Interface #0 info:
Name = wlp0s20u2
Encapsulation = Ethernet (1 - ether)
Capture length = 262144
Time precision = nanoseconds (9)
Time ticks per second = 1000000000
Time resolution = 0x09
Operating system = Linux 6.6.14-server-2.mga9
Number of stat entries = 0
Number of packets = 50
OK

Looks good enough for me
Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene
Sorry Herman - we just banged heads. Ah well...

Mageia9, x86_64
User joined wireshark group.
Using a capture file made earlier examined it with wireshark - looked OK.
Updated the whole list.

$ wireshark -n lcl1.cap
A list of ethernet capture frames appeared. Possible to examine individual frames in greater detail.
Used the network analyser interface to capture packets from the ethernet interface, let it run for a minute or so. Was able to recognise the local machine, the NAS device, powerline adapter and the router amongst other things. Copied that file to wiresharktest.

The following tests are based on https://wiki.mageia.org/en/QA_procedure:Wireshark

$ wireshark -n wiresharktest
displayed the data that had just been collected.

$ tshark -nr wiresharktest
showed the same data in the terminal.

$ editcap -r wiresharktest wiresharktest50 1-50
That created a file containing the first 50 packets from the original capture. Did not see any remarks in the terminal.

$ mergecap -v -w wiresharkmerged wiresharktest wiresharktest50
Mergecap (Wireshark) 4.0.12 (Git commit 5af2f2da9443).
Copyright 1998-2024 Gerald Combs <gerald@wireshark.org> and contributors.
Licensed under the terms of the GNU General Public License (version 2 or later).
This is free software; see the file named COPYING in the distribution. There
is NO WARRANTY; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) using GCC 12.3.0, with GLib 2.76.3, with PCRE2, with zlib 1.2.13, with binary plugins.

Running on Linux 6.6.14-desktop-2.mga9, with 12th Gen Intel(R) Core(TM) i7-1260P (with SSE4.2), with 31683 MB of physical memory, with GLib 2.76.3, with PCRE2 10.42 2022-12-11, with zlib 1.2.13, with LC_TYPE=C, binary plugins supported.

Note that the expected comments did not appear, so maybe the verbose option has changed its behaviour?

$ randpkt -b 500 -t dns wireshark_dns.pcap
$ wireshark wireshark_dns.pcap
That displayed 1000 DNS records.

As noted on earlier bugs dftest is no longer provided (since Mageia6).

$ capinfos wiresharktest50
File name: wiresharktest50
File type: Wireshark/... - pcapng
File encapsulation: Ethernet
File timestamp precision: nanoseconds (9)
Packet size limit: file hdr: (not set)
Number of packets: 50
File size: 9,856 bytes
Data size: 7,969 bytes
Capture duration: 39.152666062 seconds
First packet time: 2024-02-19 16:15:53.312089683
Last packet time: 2024-02-19 16:16:32.464755745
Data byte rate: 203 bytes/s
Data bit rate: 1,628 bits/s
.....

This looks good to me.
Thank you, Gentlemen! Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0045.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED