Bug 6861 - wireshark new releases 1.6.9 and 1.8.1 fix security issues
: wireshark new releases 1.6.9 and 1.8.1 fix security issues
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: i586 Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
:
: http://www.wireshark.org/news/2012072...
: MGA2-32-OK MGA2-64-OK
: validated_update
:
: 6033
  Show dependency treegraph
 
Reported: 2012-07-24 13:08 CEST by David Walser
Modified: 2012-08-12 20:49 CEST (History)
5 users (show)

See Also:
Source RPM: wireshark-1.6.8-1.mga2.src.rpm
CVE:


Attachments

Description David Walser 2012-07-24 13:08:08 CEST
Vulnerabilities in the PPP and NFS dissectors have been fixed:
http://www.wireshark.org/news/20120722.html

Solution is to upgrade Cauldron to 1.8.2 and Mageia 2 to 1.6.9.

I don't know if there's any fixes available for 1.4.x for Mageia 1.
Comment 1 David Walser 2012-08-01 21:34:42 CEST
Apparently there is a 1.4.14 (noted in Bug 6033), as OpenSuSE has it.

Wireshark 1.6.9 also fixes CVE-2012-4048 and CVE-2012-4049.

http://lwn.net/Vulnerabilities/509204/
Comment 2 David Walser 2012-08-06 16:13:53 CEST
Mandriva has issued an advisory for this today (August 6):
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:125
Comment 3 David Walser 2012-08-09 20:28:48 CEST
Updated packages uploaded for Mageia 2 and Cauldron.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9,
and 1.8.x before 1.8.1 allows remote attackers to cause a denial of
service (invalid pointer dereference and application crash) via a
crafted packet, as demonstrated by a usbmon dump (CVE-2012-4048).

epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x
before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote
attackers to cause a denial of service (loop and CPU consumption) via a
crafted packet (CVE-2012-4049).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4049
http://www.wireshark.org/security/wnpa-sec-2012-11.html
http://www.wireshark.org/security/wnpa-sec-2012-12.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.9.html
http://www.wireshark.org/news/20120722.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.6.9-1.mga2
libwireshark1-1.6.9-1.mga2
libwireshark-devel-1.6.9-1.mga2
wireshark-tools-1.6.9-1.mga2
tshark-1.6.9-1.mga2
rawshark-1.6.9-1.mga2
dumpcap-1.6.9-1.mga2

from wireshark-1.6.9-1.mga2.src.rpm
Comment 4 Dave Hodgins 2012-08-10 06:35:23 CEST
As per bug 6033, I can't recreate either bug with the Core Updates
version.  I've checked both Mageia 2 i586 and x86-64 before and
after updating.  No regressions found, but is there any point in
pushing this update?
Comment 5 David Walser 2012-08-10 14:36:04 CEST
OpenSuSE and Mandriva have pushed it, so yes, let's please follow suit.
Comment 6 Dave Hodgins 2012-08-11 22:01:36 CEST
Validating the update.

Could someone from the sysadmin team push the srpm
wireshark-1.6.9-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Updated wireshark packages fix security vulnerabilities:

The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9,
and 1.8.x before 1.8.1 allows remote attackers to cause a denial of
service (invalid pointer dereference and application crash) via a
crafted packet, as demonstrated by a usbmon dump (CVE-2012-4048).

epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x
before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote
attackers to cause a denial of service (loop and CPU consumption) via a
crafted packet (CVE-2012-4049).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4049
http://www.wireshark.org/security/wnpa-sec-2012-11.html
http://www.wireshark.org/security/wnpa-sec-2012-12.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.9.html
http://www.wireshark.org/news/20120722.html

https://bugs.mageia.org/show_bug.cgi?id=6861
Comment 7 Thomas Backlund 2012-08-12 20:49:06 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0210

Note You need to log in before you can comment on or make changes to this bug.