Bug 8239 - wireshark new releases 1.6.11 and 1.8.4 fix security issues
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: i586 Linux
: Normal Severity: normal
Assigned To: QA Team
: http://www.wireshark.org/news/2012112...
: has_procedure mga2-64-OK mga2-32-OK
: validated_update
Reported: 2012-11-29 04:51 CET by David Walser
Modified: 2012-11-30 23:24 CET (History)

See Also:
Source RPM: wireshark-1.6.11-1.mga2.src.rpm
CVE:



Description David Walser 2012-11-29 04:51:51 CET
Announced today (November 28):
http://www.wireshark.org/news/20121128.html

Updated packages uploaded for Mageia 2 and Cauldron.

Curiously, no CVEs mentioned in the upstream advisories this time.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

The USB dissector could go into an infinite loop. (wnpa-sec-2012-31)

The ISAKMP dissector could crash. (wnpa-sec-2012-35)

The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36)

The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37)

The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38)

The ICMPv6 dissector could go into an infinite loop. (wnpa-sec-2012-40)

References:
http://www.wireshark.org/security/wnpa-sec-2012-31.html
http://www.wireshark.org/security/wnpa-sec-2012-35.html
http://www.wireshark.org/security/wnpa-sec-2012-36.html
http://www.wireshark.org/security/wnpa-sec-2012-37.html
http://www.wireshark.org/security/wnpa-sec-2012-38.html
http://www.wireshark.org/security/wnpa-sec-2012-40.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.12.html
http://www.wireshark.org/news/20121128.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.6.12-1.mga2
libwireshark1-1.6.12-1.mga2
libwireshark-devel-1.6.12-1.mga2
wireshark-tools-1.6.12-1.mga2
tshark-1.6.12-1.mga2
rawshark-1.6.12-1.mga2
dumpcap-1.6.12-1.mga2

from wireshark-1.6.12-1.mga2.src.rpm

Comment 1 claire robinson 2012-11-29 12:38:45 CET
https://wiki.mageia.org/en/QA_procedure:Wireshark

Comment 2 claire robinson 2012-11-29 12:59:54 CET
Testing complete mga2 64

Created a capture as root and used it with the tests in the procedure.

Comment 3 Dave Hodgins 2012-11-29 23:35:29 CET
Testing complete on Mageia 2 i586 and x86-64, using the capture
files from the bug reports.

Before updating, one caused a segfault, one did not cause any problems,
the other 4 caused wireshark to go into a loop.

After updating, they all display correctly.

Could someone from the sysadmin team push the srpm
wireshark-1.6.12-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Updated wireshark packages fix security vulnerabilities:

The USB dissector could go into an infinite loop. (wnpa-sec-2012-31)

The ISAKMP dissector could crash. (wnpa-sec-2012-35)

The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36)

The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37)

The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38)

The ICMPv6 dissector could go into an infinite loop. (wnpa-sec-2012-40)

References:
http://www.wireshark.org/security/wnpa-sec-2012-31.html
http://www.wireshark.org/security/wnpa-sec-2012-35.html
http://www.wireshark.org/security/wnpa-sec-2012-36.html
http://www.wireshark.org/security/wnpa-sec-2012-37.html
http://www.wireshark.org/security/wnpa-sec-2012-38.html
http://www.wireshark.org/security/wnpa-sec-2012-40.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.12.html
http://www.wireshark.org/news/20121128.html

https://bugs.mageia.org/show_bug.cgi?id=8239
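
The before/after check described in Comment 3, as an added example that is not part of the original report or of the Mageia QA procedure: a shell harness that runs tshark over each capture under a time limit and reports whether it dissected cleanly, looped, or crashed. The 20-second limit, the function names and the capture paths are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Mageia QA procedure.
# Assumes tshark and coreutils `timeout`; capture paths come from the tester.

LIMIT="${LIMIT:-20}"   # seconds before a run counts as a loop (assumed value)

# classify_run CMD [ARGS...]: run CMD under the time limit, print one verdict.
classify_run() {
    rc=0
    # TERM at the limit, KILL 2 s later if the process ignores TERM.
    timeout -k 2 "$LIMIT" "$@" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0)           echo ok ;;
        # 124 is GNU timeout's "limit hit" status; 137/143 mean the run
        # died from KILL/TERM, which in this harness is the limit too.
        124|137|143) echo hang ;;
        *)  if [ "$rc" -gt 128 ]; then
                echo crash      # killed by a signal, e.g. 139 = SIGSEGV
            else
                echo error      # ordinary failure: bad file, usage error
            fi ;;
    esac
}

# triage_captures FILE...: one "verdict<TAB>file" line per capture.
# Returns non-zero if any capture did not dissect cleanly.
triage_captures() {
    bad=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            printf 'missing\t%s\n' "$f"; bad=1; continue
        fi
        # -V prints the full protocol tree, so packets are fully dissected;
        # -n avoids name-resolution delays.
        verdict=$(classify_run tshark -n -V -r "$f")
        printf '%s\t%s\n' "$verdict" "$f"
        [ "$verdict" = ok ] || bad=1
    done
    return "$bad"
}

if [ "$#" -gt 0 ]; then
    triage_captures "$@"
fi
```

Run it once before and once after installing the update and compare the verdict column; an external SIGKILL or SIGTERM is reported as a hang, so rerun any capture whose verdict looks surprising.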

Comment 4 Thomas Backlund 2012-11-30 23:24:32 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0348
