Suggested advisory:
========================

The updated packages fix a security vulnerability:

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.2.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file. (CVE-2024-8250)

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QKFBRZUBCTYT4V2V5ONIWBIEEUYHI3HD/
========================

Updated packages in core/updates_testing:
========================
dumpcap-4.0.17-1.mga9
lib(64)wireshark16-4.0.17-1.mga9
lib(64)wireshark-devel-4.0.17-1.mga9
lib(64)wiretap13-4.0.17-1.mga9
lib(64)wsutil14-4.0.17-1.mga9
rawshark-4.0.17-1.mga9
tshark-4.0.17-1.mga9
wireshark-4.0.17-1.mga9
wireshark-tools-4.0.17-1.mga9

from SRPM:
wireshark-4.0.17-1.mga9.src.rpm

Assignee: bugsquad => qa-bugs
Whiteboard: MGA9TOO => (none)
Source RPM: wireshark-4.2.6-1.mga10.src.rpm, wireshark-4.0.15-1.mga9.src.rpm => wireshark-4.0.15-1.mga9.src.rpm
Version: Cauldron => 9
Status: NEW => ASSIGNED
Status comment: Fixed upstream in 4.2.7 (for Cauldron) and 4.0.17 (for Mga9) => (none)

Installed and tested without issues.

Tested:
- packet capture;
- filters;
- saving and loading, including previous captures;
- bunch of other minor functions.

This was a quick test (don't have time for more now) but no issues were found.



System: Mageia 9, x86_64, Plasma DE, LXQt DE, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver.



$ uname -a
Linux jupiter 6.6.50-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Sun Sep  8 12:38:27 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep 4.0.17-1
lib64wsutil14-4.0.17-1.mga9
lib64wiretap13-4.0.17-1.mga9
lib64wireshark16-4.0.17-1.mga9
dumpcap-4.0.17-1.mga9
wireshark-4.0.17-1.mga9

CC: (none) => mageia

MGA9-32

The following 39 packages are going to be installed:

- dumpcap-4.0.17-1.mga9.i586
- libassimp5-5.2.2-4.1.mga9.i586
- libbcg729_0-1.1.1-2.mga9.i586
- liblua5.1-5.1.5-22.mga9.i586
- libpoly2tri1.0-1.0-0.20220520.1.mga9.i586
- libqt6concurrent6-6.4.1-5.mga9.i586
- libqt6core5compat6-6.4.1-3.mga9.i586
- libqt6multimedia-plugins-6.4.1-2.mga9.i586
- libqt6multimedia6-6.4.1-2.mga9.i586
- libqt6multimediaquick6-6.4.1-2.mga9.i586
- libqt6quick3d6-6.4.1-2.mga9.i586
- libqt6quick3dassetimport6-6.4.1-2.mga9.i586
- libqt6quick3dassetutils6-6.4.1-2.mga9.i586
- libqt6quick3deffects6-6.4.1-2.mga9.i586
- libqt6quick3dglslparser6-6.4.1-2.mga9.i586
- libqt6quick3dhelpers6-6.4.1-2.mga9.i586
- libqt6quick3diblbaker6-6.4.1-2.mga9.i586
- libqt6quick3dparticleeffects6-6.4.1-2.mga9.i586
- libqt6quick3dparticles6-6.4.1-2.mga9.i586
- libqt6quick3druntimerender6-6.4.1-2.mga9.i586
- libqt6quick3dspatialaudio6-6.4.1-2.mga9.i586
- libqt6quick3dutils6-6.4.1-2.mga9.i586
- libqt6quicktimeline6-6.4.1-2.mga9.i586
- libqt6shadertools6-6.4.1-2.mga9.i586
- libqt6spatialaudio6-6.4.1-2.mga9.i586
- libsmi-mibs-std-0.5.0-5.mga9.i586
- libsmi2-0.5.0-5.mga9.i586
- libstbi1-1.33-8.mga9.i586
- libwireshark16-4.0.17-1.mga9.i586
- libwiretap13-4.0.17-1.mga9.i586
- libwsutil14-4.0.17-1.mga9.i586
- qt5compat6-6.4.1-3.mga9.i586
- qtimageformats6-6.4.1-1.mga9.i586
- qtmultimedia6-6.4.1-2.mga9.i586
- qtquick3d6-6.4.1-2.mga9.i586
- qtquicktimeline6-6.4.1-2.mga9.i586
- qtshadertools6-6.4.1-2.mga9.i586
- smi-tools-0.5.0-5.mga9.i586
- wireshark-4.0.17-1.mga9.i586

147MB of additional disk space will be used.

37MB of packages will be retrieved.

--

executed wireshark from command line as root

I was able to perform captures

working for me

CC: (none) => brtians1
Whiteboard: (none) => MGA9-32-OK

Validating. Advisory information in Comment 1.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

(In reply to Thomas Andrews from comment #4)
> Validating. Advisory information in Comment 1.

I skip this , thank you, to remember the lack of advisory

Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0303.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED