Mageia 1, Mageia 2, and Cauldron are all affected. See: http://www.wireshark.org/docs/relnotes/wireshark-1.6.8.html http://www.wireshark.org/docs/relnotes/wireshark-1.4.13.html
CC: (none) => doktor5000
There should be one bug for mga1 and one for mga2 too, this way it's easier to track.
CC: (none) => sander.lepik
Here is a Mandriva advisory for this wireshark update: http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:080
*** Bug 5904 has been marked as a duplicate of this bug. ***
CC: (none) => kristoffer.grundstrom1983
Version: 1 => Cauldron
Whiteboard: (none) => MGA2TOO, MGA1TOO
Update for Mageia 1 built by Florian. Cauldron and Mageia 2 pending.

wireshark-1.4.13-1.mga1
libwireshark0-1.4.13-1.mga1
libwireshark-devel-1.4.13-1.mga1
wireshark-tools-1.4.13-1.mga1
tshark-1.4.13-1.mga1
rawshark-1.4.13-1.mga1
dumpcap-1.4.13-1.mga1

from wireshark-1.4.13-1.mga1.src.rpm
Update for Mageia 2 built by Florian. Cauldron pending.

wireshark-1.6.8-1.mga2
libwireshark1-1.6.8-1.mga2
libwireshark-devel-1.6.8-1.mga2
wireshark-tools-1.6.8-1.mga2
tshark-1.6.8-1.mga2
rawshark-1.6.8-1.mga2
dumpcap-1.6.8-1.mga2

from wireshark-1.6.8-1.mga2.src.rpm
(In reply to comment #5)
> Cauldron pending.

Looks like it choked on the updated lua in Cauldron. We might as well move to 1.8.0 for Cauldron:
http://www.wireshark.org/news/20120621.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.0.html
So I think we can start the validation, I'll update cauldron later today to 1.8.0 as this seems the only one which supports lua >= 5.1 and we already have 5.2 in mga2.

There is now wireshark-1.4.13-1.mga1 in core/updates_testing to validate (packages as listed above by Luigi)

-------------------------------------------------------
Suggested advisory:
-------------------
This update addresses the following CVEs:

o Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html [CVE-2012-2392])
o The DIAMETER dissector could try to allocate memory improperly and crash (http://www.wireshark.org/security/wnpa-sec-2012-09.html [CVE-2012-2393])
o Wireshark could crash on SPARC processors due to misaligned memory. Discovered by Klaus Heckelmann (http://www.wireshark.org/security/wnpa-sec-2012-10.html [CVE-2012-2394])

Other fixes in this release:

o fixes 4 various other bugs (not security-related)
-------------------------------------------------------
Steps to reproduce:

- install/update to update candidate
- POC should be available via the wnpa-sec links listed in advisory, which usually link to relevant bug reports which have POCs
Status: NEW => ASSIGNED
Hardware: i586 => All
Version: Cauldron => 1
Assignee: bugsquad => qa-bugs
Whiteboard: MGA2TOO, MGA1TOO => (none)
Depends on: (none) => 6543
CC: (none) => stormi
Summary: new wireshark releases 1.6.8 and 1.4.13 fix security issues => new wireshark release 1.4.13 fixes security issues
Testing Mageia 1 i586.
CC: (none) => davidwhodgins
Testing Core Updates version

Testing wnpa-sec-2012-09
wireshark fuzz-2012-04-18-27798.pcap
Segmentation fault

Testing wnpa-sec-2012-08
wireshark 80211-loop.pcap
No problems noticed.
wireshark 802.3.pcap
No problems noticed.
wireshark ansimap.pcap
No problems noticed. Does display message about malformed packet.
wireshark asf.pcap
No problems noticed.
wireshark bacapp.pcap
No problems noticed.
wireshark hcievt.pcap
No problems noticed.
wireshark ltp.pcap
No problems noticed. Does display message about malformed packet.
wireshark r3.pcap
No problems noticed.

After installing the updates testing version, all test results are identical, including the segfault.

I'll attach a compressed file with all of the test pcap files.
Created attachment 2488 [details] pcap test files
Note that wnpa-sec-2012-10 requires a SPARC or Itanium processor, so not testing that one. Just to be clear, wireshark-1.4.13-1.mga1.src.rpm does not pass testing, as the segfault still happens with fuzz-2012-04-18-27798.pcap.
Testing complete on i586 Mageia 2 for wireshark-1.6.8-1.mga2.src.rpm wireshark works with fuzz-2012-04-18-27798.pcap before and after the update. With all of the other pcap files, it goes into a loop requiring wireshark to be killed before the update, and works ok after the update.
Whiteboard: (none) => mga2-32-OK
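The before/after reproducer runs described in the comments above (segfault, loop that needs a kill, or clean run) can be scripted so the two passes are comparable. This is an added example, not part of the bug thread or of Mageia's QA tooling; it assumes tshark is on PATH and that timeout(1) from coreutils is available, and the function names and the 20 second limit are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the bug thread): classify how a dissector run ends.
# Assumptions: tshark is on PATH (-r reads a capture file); the 20 s limit is arbitrary.
DISSECT_CMD=${DISSECT_CMD:-"tshark -r"}
LIMIT=${LIMIT:-20}

# classify_status CODE -> OK, HANG, CRASH(signal N) or ERROR(CODE)
classify_status() {
    case "$1" in
        0)   echo "OK" ;;
        124) echo "HANG" ;;   # timeout(1) expired: the loop is still there
        *)   if [ "$1" -gt 128 ]; then
                 echo "CRASH(signal $(( $1 - 128 )))"   # 139 = SIGSEGV (11)
             else
                 echo "ERROR($1)"
             fi ;;
    esac
}

# run_all DIR -> one "file<TAB>result" line per *.pcap, sorted so runs can be diffed
run_all() {
    for f in "$1"/*.pcap; do
        [ -e "$f" ] || continue
        rc=0
        # DISSECT_CMD is intentionally unquoted so "tshark -r" splits into words
        timeout "$LIMIT" $DISSECT_CMD "$f" >/dev/null 2>&1 || rc=$?
        printf '%s\t%s\n' "$(basename "$f")" "$(classify_status "$rc")"
    done | sort
}

# still_failing BEFORE AFTER -> reproducers that are not OK after the update
still_failing() {
    awk -F'\t' 'NR == FNR { before[$1] = $2; next }
                $2 != "OK" { printf "%s\t%s -> %s\n", $1, before[$1], $2 }' "$1" "$2"
}

# Usage (paths are placeholders):
#   run_all ./pcaps > before.tsv    # installed version
#   run_all ./pcaps > after.tsv     # after installing from updates_testing
#   still_failing before.tsv after.tsv
```

A reproducer that shows HANG or CRASH before the update and OK afterwards confirms the fix; one listed by still_failing is a candidate for removal from the advisory.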
(In reply to comment #12)
> Testing complete on i586 Mageia 2 for
> wireshark-1.6.8-1.mga2.src.rpm

Mageia 2 got moved to Bug 6543.
(In reply to comment #13)
> (In reply to comment #12)
> > Testing complete on i586 Mageia 2 for
> > wireshark-1.6.8-1.mga2.src.rpm
>
> Mageia 2 got moved to Bug 6543.

Ah. Thanks. I've now updated that bug, and removed the mga2-32-OK whiteboard entry from this one.
Whiteboard: mga2-32-OK => (none)
(In reply to comment #11)
>
> Just to be clear, wireshark-1.4.13-1.mga1.src.rpm does not pass
> testing, as the segfault still happens with
> fuzz-2012-04-18-27798.pcap.

Reproduced, created a backtrace and reported upstream:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7399

So we should suspend validation until next wireshark version is out or a patch is available for 1.4 version branch.
Assigning Florian until the patch is available. Please reassign to QA when ready. Thanks!
CC: (none) => qa-bugs
Assignee: qa-bugs => doktor5000
Sorry, forgot to take it back :/
OpenSuSE has a Wireshark 1.4.14, and released an advisory for it today: http://lists.opensuse.org/opensuse-updates/2012-08/msg00000.html It fixes CVE-2012-4048 and CVE-2012-4049.
Above mentioned bug is still in 1.4 branch:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7399

But will take a look at 1.4.14 (if I find some time :/ )
(In reply to comment #19)
> Above mentioned bug is still in 1.4 branch:
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7399
> But will take a look at 1.4.14 (if I find some time :/ )

Bummer. Well if you get it packaged, we shouldn't let that bug hold up the update next time, since it does fix other issues.
Summary: new wireshark release 1.4.13 fixes security issues => new wireshark release 1.4.14 fixes security issues
Mandriva has issued an advisory for this today (August 6): http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:125
Updated package uploaded for Mageia 1.

Note to QA: if any of the reproducers still work, we'll just remove it from the advisory.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors (CVE-2012-2392).

epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation (CVE-2012-2393).

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet (CVE-2012-2394).

The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump (CVE-2012-4048).

epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet (CVE-2012-4049).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4049
http://www.wireshark.org/security/wnpa-sec-2012-08.html
http://www.wireshark.org/security/wnpa-sec-2012-09.html
http://www.wireshark.org/security/wnpa-sec-2012-10.html
http://www.wireshark.org/security/wnpa-sec-2012-11.html
http://www.wireshark.org/security/wnpa-sec-2012-12.html
http://www.wireshark.org/docs/relnotes/wireshark-1.4.13.html
http://www.wireshark.org/news/20120522.html
http://www.wireshark.org/news/20120722.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.4.14-1.mga1
libwireshark0-1.4.14-1.mga1
libwireshark-devel-1.4.14-1.mga1
wireshark-tools-1.4.14-1.mga1
tshark-1.4.14-1.mga1
rawshark-1.4.14-1.mga1
dumpcap-1.4.14-1.mga1

from wireshark-1.4.14-1.mga1.src.rpm
Depends on: (none) => 6861
Assignee: doktor5000 => qa-bugs
fuzz-2012-04-18-27798.pcap from wnpa-sec-2012-09 still segfaults.

For CVE-2012-4048, testing using
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;filename=new.dump;att=1;bug=680056
from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680056

For CVE-2012-4049, testing using
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8362
from https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221

Can't recreate either problem using wireshark 1.4.12 on Mageia 1 i586. For the new.dump, wireshark doesn't recognize the format. For the pcap file, it displays the echo requests. CPU usage is normal. Looks like it only affects Sun SPARC Solaris10.

No change after installing the update.

As expected, the other pcap files show the fixes.

So should be excluded from the advisory.

Should CVE-2012-4048/9 be included if I can't reproduce the problem prior to the update?

I'll test Mageia 1 x86-64 shortly.
Same results on x86-64.

Meant to write above: So wnpa-sec-2012-09 should be excluded from the advisory.

Before I validate, should CVE-2012-4048/9 be included?
Whiteboard: (none) => MGA1-32-OK MGA1-64-OK feedback
Yes, they're included in Mandriva's advisory after all. I'll update the advisory.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors (CVE-2012-2392).

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet (CVE-2012-2394).

The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump (CVE-2012-4048).

epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet (CVE-2012-4049).

Note: CVE-2012-2393 (denial of service flaw in the DIAMETER dissector) is *NOT* fixed by this update, despite being listed as fixed in the Wireshark 1.4.13 release notes. See Wireshark bug 7399 for more.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4049
http://www.wireshark.org/security/wnpa-sec-2012-08.html
http://www.wireshark.org/security/wnpa-sec-2012-10.html
http://www.wireshark.org/security/wnpa-sec-2012-11.html
http://www.wireshark.org/security/wnpa-sec-2012-12.html
http://www.wireshark.org/docs/relnotes/wireshark-1.4.13.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7399
http://www.wireshark.org/news/20120522.html
http://www.wireshark.org/news/20120722.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.4.14-1.mga1
libwireshark0-1.4.14-1.mga1
libwireshark-devel-1.4.14-1.mga1
wireshark-tools-1.4.14-1.mga1
tshark-1.4.14-1.mga1
rawshark-1.4.14-1.mga1
dumpcap-1.4.14-1.mga1

from wireshark-1.4.14-1.mga1.src.rpm
Whiteboard: MGA1-32-OK MGA1-64-OK feedback => MGA1-32-OK MGA1-64-OK
Validating the update. Could someone from the sysadmin team push the srpm wireshark-1.4.14-1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates. See comment 25 for the Advisory.
Oops. Sorry, forgot to add the email address and keyword. Could someone from the sysadmin team push the srpm wireshark-1.4.14-1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates. See comment 25 for the Advisory.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0206
Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
How do we proceed regarding https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7399#c4 ?
Status: RESOLVED => REOPENED
Resolution: FIXED => (none)
(In reply to comment #29)
> How do we proceed regarding
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7399#c4 ?

Hopefully upstream will fix it. In the meantime, please don't reopen this bug. You can file a new bug for it if you wish.
Status: REOPENED => RESOLVED
Resolution: (none) => FIXED
(In reply to comment #30)
> (In reply to comment #29)
> > How do we proceed regarding
> > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7399#c4 ?
>
> Hopefully upstream will fix it. In the meantime, please don't reopen this bug.
> You can file a new bug for it if you wish.

Oh, I see it's WONTFIX. Then either:
1) there's nothing we can do about it
2) we can update Mageia 1 to 1.6.x (which would actually be a good idea if 1.4.x is EOL and Mageia 1 is not)