Announced today (October 2): http://www.wireshark.org/news/20121002.html
CC: (none) => doktor5000
Whiteboard: (none) => MGA2TOO, MGA1TOO
For the Mageia 2 update, 1.6.11 only fixes one security issue: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5239 http://www.wireshark.org/security/wnpa-sec-2012-28.html http://www.wireshark.org/docs/relnotes/wireshark-1.6.11.html
It's not immediately obvious whether Mageia 1 is affected as Wireshark 1.4 is no longer supported upstream.
Here's the code change for that vulnerability: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-drda.c?r1=44749&r2=44748&pathrev=44749 It appears that code is a while loop, looping because "there may be multiple DRDA commands in one frame," but that same code in 1.4 does not run inside of a while loop (so maybe it doesn't support multiple DRDA commands in one frame). I doubt this vulnerability, which is that the while loop could be infinite, is present in 1.4 given that the while loop itself is not there. If there's a PoC to test we can confirm this, but it seems highly likely.
Whiteboard: MGA2TOO, MGA1TOO => MGA2TOO
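An added example, not part of the thread and not Wireshark's code: a simplified model of a "multiple commands in one frame" loop, showing how a loop that advances by a length read from the packet can stop making progress, next to a form that rejects such lengths. The record layout (2-byte big-endian length, 10-byte minimum), the function names and the sample frames are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MIN_CMD_LEN 10   /* assumed minimum record size in this model */
#define STUCK (-2)       /* iteration budget spent: stands in for the hang */
#define MALFORMED (-1)   /* length field rejected by the checked walk */

/* Constructed frames: each record starts with a 2-byte big-endian length. */
static const uint8_t good_frame[20] = { 0, 10, 0,0,0,0,0,0,0,0,  0, 10 };
static const uint8_t bad_frame[20]  = { 0, 10 };  /* second record has length 0 */

static size_t rd16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Loop shape without a progress check; the budget keeps the demo finite. */
int walk_unchecked(const uint8_t *buf, size_t len, int budget)
{
    size_t off = 0;
    int n = 0;
    while (off + 2 <= len) {
        off += rd16(buf + off);      /* length 0: off never advances */
        if (++n >= budget)
            return STUCK;
    }
    return n;
}

/* Same walk, rejecting any length that cannot move the offset forward. */
int walk_checked(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;
    while (len - off >= MIN_CMD_LEN) {
        size_t cmd_len = rd16(buf + off);
        if (cmd_len < MIN_CMD_LEN || cmd_len > len - off)
            return MALFORMED;
        off += cmd_len;
        n++;
    }
    return n;
}

int main(void)
{
    printf("unchecked good=%d bad=%d\n", walk_unchecked(good_frame, 20, 1000),
           walk_unchecked(bad_frame, 20, 1000));
    printf("checked   good=%d bad=%d\n", walk_checked(good_frame, 20),
           walk_checked(bad_frame, 20));
    return 0;
}
```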
Updated packages uploaded for Mageia 2 and Cauldron.

Advisory:
========================

Updated wireshark packages fix security vulnerability:

Martin Wilck discovered an infinite loop in the DRDA dissector (CVE-2012-5239).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5239
http://www.wireshark.org/security/wnpa-sec-2012-28.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.11.html
http://www.wireshark.org/news/20121002.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.6.11-1.mga2
libwireshark1-1.6.11-1.mga2
libwireshark-devel-1.6.11-1.mga2
wireshark-tools-1.6.11-1.mga2
tshark-1.6.11-1.mga2
rawshark-1.6.11-1.mga2
dumpcap-1.6.11-1.mga2

from wireshark-1.6.11-1.mga2.src.rpm
Version: Cauldron => 2
Assignee: bugsquad => qa-bugs
Whiteboard: MGA2TOO => (none)
PoC: attached to this bug https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666 There are also instructions in the bug report; just open the capture file with wireshark or tshark -r.
Whiteboard: (none) => has_procedure
Hardware: i586 => All
Testing complete on Mageia 2 x86-64 and i586. Thanks for the PoC, Claire. I've also confirmed that Mageia 1 is not affected.

Could someone from the sysadmin team push the srpm wireshark-1.6.11-1.mga2.src.rpm from Core Updates Testing to Core Updates?

Advisory:

Updated wireshark packages fix security vulnerability:

Martin Wilck discovered an infinite loop in the DRDA dissector (CVE-2012-5239).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5239
http://www.wireshark.org/security/wnpa-sec-2012-28.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.11.html
http://www.wireshark.org/news/20121002.html

https://bugs.mageia.org/show_bug.cgi?id=7681
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: has_procedure => has_procedure MGA2-64-OK MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0284
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
The CVE has been updated to say that it is a duplicate of CVE-2012-3548: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3548 This was also noted by LWN, who posted our advisory: http://lwn.net/Vulnerabilities/518920/ Could we update the advisory on the wiki and replace the CVE reference?