Bug 8897 - wireshark new releases 1.6.13 and 1.8.5 fix security issues
: wireshark new releases 1.6.13 and 1.8.5 fix security issues
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: i586 Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
:
: http://www.wireshark.org/news/2013012...
: has_procedure mga2-32-ok MGA2-64-OK
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-01-30 03:05 CET by David Walser
Modified: 2013-02-06 23:19 CET (History)
3 users (show)

See Also:
Source RPM: wireshark-1.6.12-1.mga2.src.rpm
CVE:
Status comment:


Attachments

Comment 1 David Walser 2013-01-30 22:26:03 CET
Updated packages uploaded for Mageia 2 and Cauldron.

Advisory:
========================

Updated wireshark packages fix security vulnerabilities:

Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS
CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors
(wnpa-sec-2013-01).

The CLNP dissector could crash (wnpa-sec-2013-02).

The DTN dissector could crash (wnpa-sec-2013-03).

The MS-MMC dissector (and possibly others) could crash (wnpa-sec-2013-04).

The DTLS dissector could crash (wnpa-sec-2013-05).

The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07).

The Wireshark dissection engine could crash (wnpa-sec-2013-08).

The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09).

References:
http://www.wireshark.org/security/wnpa-sec-2013-01.html
http://www.wireshark.org/security/wnpa-sec-2013-02.html
http://www.wireshark.org/security/wnpa-sec-2013-03.html
http://www.wireshark.org/security/wnpa-sec-2013-04.html
http://www.wireshark.org/security/wnpa-sec-2013-05.html
http://www.wireshark.org/security/wnpa-sec-2013-07.html
http://www.wireshark.org/security/wnpa-sec-2013-08.html
http://www.wireshark.org/security/wnpa-sec-2013-09.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.13.html
http://www.wireshark.org/news/20130129.html
========================

Updated packages in core/updates_testing:
========================
wireshark-1.6.13-1.mga2
libwireshark1-1.6.13-1.mga2
libwireshark-devel-1.6.13-1.mga2
wireshark-tools-1.6.13-1.mga2
tshark-1.6.13-1.mga2
rawshark-1.6.13-1.mga2
dumpcap-1.6.13-1.mga2

from wireshark-1.6.13-1.mga2.src.rpm
Comment 3 claire robinson 2013-02-01 18:31:28 CET
Testing mga2 32

Before
------
$ wireshark 8023-slow-protocols.pcap
17:05:20          Warn Dissector bug, protocol 802.3 Slow protocols, in packet 1: More than 1000000 items in the tree -- possible infinite loop
17:05:21          Warn Dissector bug, protocol 802.3 Slow protocols, in packet 1: More than 1000000 items in the tree -- possible infinite loop
^C

The above causes max cpu load and the errors seen. Killed with ctrl-c.

$ tshark -nr fuzz-2012-10-16-23114.pcap
...etc
Segmentation Fault

$ tshark -nr fuzz-2012-10-31-25737.pcap 

No ill effect, also tried with wireshark.

$ wireshark packet-ms-mms.pcap

No ill effect, also tried tshark.

$ wireshark packet-dtls.pcap
Segmentation fault

$ tshark -nr process_packet.pcap

No ill effect, but crashes with wireshark.

$ wireshark process_packet.pcap
17:19:25          Err  Memory corrupted
Trace/breakpoint trap


$ wireshark packet-per.pcap

No error, also tried tshark.



After
-----
Repeated the tests without issue.

Captures ok when started as root. Testing complete mga2 32
Comment 4 Dave Hodgins 2013-02-02 01:59:15 CET
Testing complete on Mageia 2 x86-64.  Identical to i586 results.

Could someone from the sysadmin team push the srpm
wireshark-1.6.13-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Updated wireshark packages fix security vulnerabilities:

Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS
CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors
(wnpa-sec-2013-01).

The CLNP dissector could crash (wnpa-sec-2013-02).

The DTN dissector could crash (wnpa-sec-2013-03).

The MS-MMC dissector (and possibly others) could crash (wnpa-sec-2013-04).

The DTLS dissector could crash (wnpa-sec-2013-05).

The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07).

The Wireshark dissection engine could crash (wnpa-sec-2013-08).

The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09).

References:
http://www.wireshark.org/security/wnpa-sec-2013-01.html
http://www.wireshark.org/security/wnpa-sec-2013-02.html
http://www.wireshark.org/security/wnpa-sec-2013-03.html
http://www.wireshark.org/security/wnpa-sec-2013-04.html
http://www.wireshark.org/security/wnpa-sec-2013-05.html
http://www.wireshark.org/security/wnpa-sec-2013-07.html
http://www.wireshark.org/security/wnpa-sec-2013-08.html
http://www.wireshark.org/security/wnpa-sec-2013-09.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.13.html
http://www.wireshark.org/news/20130129.html

https://bugs.mageia.org/show_bug.cgi?id=8897
Comment 5 Thomas Backlund 2013-02-06 23:19:20 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0034

Note You need to log in before you can comment on or make changes to this bug.