+++ This bug was initially created as a clone of Bug #6033 +++ Mageia 2, and Cauldron are all affected. See: http://www.wireshark.org/docs/relnotes/wireshark-1.6.8.html Update for Mageia 2 built, Cauldron pending. wireshark-1.6.8-1.mga2 libwireshark1-1.6.8-1.mga2 libwireshark-devel-1.6.8-1.mga2 wireshark-tools-1.6.8-1.mga2 tshark-1.6.8-1.mga2 rawshark-1.6.8-1.mga2 dumpcap-1.6.8-1.mga2 from wireshark-1.6.8-1.mga2.src.rpm
There is now wireshark-1.6.8-1.mga2 in core/updates_testing to validate (packages as listed above in by Luigi) ------------------------------------------------------- Suggested advisory: ------------------- This update addresses the following CVEs: o Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html [CVE-2012-2392]) o The DIAMETER dissector could try to allocate memory improperly and crash (http://www.wireshark.org/security/wnpa-sec-2012-09.html [CVE-2012-2393]) o Wireshark could crash on SPARC processors due to misaligned memory. Discovered by Klaus Heckelmann (http://www.wireshark.org/security/wnpa-sec-2012-10.html [CVE-2012-2394]) Other fixes in this release: o fixes 12 various other bugs (not security-related) ------------------------------------------------------- Steps to reproduce: - install/update to update candidate - POC should be available via the wnpa-sec links listed in advisory, which usually link to relevant bug reports which have POCs
CC: (none) => stormiBlocks: (none) => 6033
Using the pcap files from attachment 2488 [details] Testing complete on i586 Mageia 2 for wireshark-1.6.8-1.mga2.src.rpm wireshark works with fuzz-2012-04-18-27798.pcap before and after the update. With all of the other pcap files, it goes into a loop requiring wireshark to be killed before the update, and works ok after the update.
CC: (none) => davidwhodginsWhiteboard: (none) => mga2-32-OK
Tested wireshark-1.6.8-1.mga2 on x86_64 Before the upgrade only fuzz-2012-04-18-27798.pcap worked. All the other pcap files lock up wireshark. After the upgrade there is no difference. All the pcap files except fuzz cause wireshark to lock up. When started from the command line I see this message when trying to open a pcap test file. 22:30:22 Warn Dissector bug, protocol LTP, in packet 1: More than 1000000 items in the tree -- possible infinite loop $ wireshark -v wireshark 1.6.8 (SVN Rev Unknown from unknown) Copyright 1998-2012 Gerald Combs <gerald@wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GTK+ 2.24.10, with GLib 2.32.1, with libpcap (version unknown), with libz 1.2.6, with POSIX capabilities (Linux), with libpcre (version unknown), with SMI 0.4.8, without c-ares, without ADNS, with Lua 5.1, without Python, without GnuTLS, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jan 3 2012), with AirPcap. Running on Linux 3.3.6-desktop-2.mga2, with libpcap version 1.2.1, with libz 1.2.6, Gcrypt 1.5.0, without AirPcap. Built using gcc 4.6.3. Any ideas why x86_64 should be behaving differently to i586?
CC: (none) => derekjenn
(In reply to comment #3) > Tested wireshark-1.6.8-1.mga2 on x86_64 > > Before the upgrade only fuzz-2012-04-18-27798.pcap worked. All the other pcap > files lock up wireshark. > > After the upgrade there is no difference. All the pcap files except fuzz cause > wireshark to lock up. > > > Any ideas why x86_64 should be behaving differently to i586? Tested on x86_64, all capture dumps can be loaded just fine without wireshark locking up, as Dave already mentioned. How did you do the upgrade to newer wireshark?
Upgrading wireshark does not pull in the latest version of lib64wireshark1 Once I upgraded lib64wireshark1 it would open the .pcap files OK Validated for x86_64
Whiteboard: mga2-32-OK => mga2-32-OK mga2-64-OK
(In reply to comment #5) > Upgrading wireshark does not pull in the latest version of lib64wireshark1 > > Once I upgraded lib64wireshark1 it would open the .pcap files OK Once again, how exactly did you perform the upgrade to newer wireshark?
(In reply to comment #6) > (In reply to comment #5) > > Upgrading wireshark does not pull in the latest version of lib64wireshark1 > > > > Once I upgraded lib64wireshark1 it would open the .pcap files OK > > > Once again, how exactly did you perform the upgrade to newer wireshark? urpmi wireshark
(In reply to comment #7) > (In reply to comment #6) > > (In reply to comment #5) > > > Upgrading wireshark does not pull in the latest version of lib64wireshark1 > > > > > > Once I upgraded lib64wireshark1 it would open the .pcap files OK > > > > > > Once again, how exactly did you perform the upgrade to newer wireshark? > > urpmi wireshark The wireshark requires on the lib do not include the version, so the existing installed version was enough to satisfy the requires. If the update had been installed using mgaapplet, urpmi --auto-select, or by using urpmi when wireshark had not previously been installed, the updates testing version of the library would have been selected. It would be better if wireshark required the same version of the library. However, as this is not the standard way of installing updates, I don't think it should block this update. Florian, should the requires be changed, or go ahead and validate? I'm ok with either choice.
(In reply to comment #8) > Florian, should the requires be changed, or go ahead and validate? I'm > ok with either choice. Well, yes and yes :D As this update already took too long, it should be validated as-is, and i'll look into putting stricter requires for next update. FWIW, because of convenience reasons and to check dependencies, this is the same way i'm installing update candidates from local repos, so it should definitely be fixed ;)
Thanks Florian. Validating then. advisory: ------------------- This update addresses the following CVEs: o Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html [CVE-2012-2392]) o The DIAMETER dissector could try to allocate memory improperly and crash (http://www.wireshark.org/security/wnpa-sec-2012-09.html [CVE-2012-2393]) o Wireshark could crash on SPARC processors due to misaligned memory. Discovered by Klaus Heckelmann (http://www.wireshark.org/security/wnpa-sec-2012-10.html [CVE-2012-2394]) Other fixes in this release: o fixes 12 various other bugs (not security-related) ------------------------------------------------------- SRPM: wireshark-1.6.8-1.mga2.src.rpm Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0134
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED