Wireshark 1.6.13 and 1.8.5 have been released, fixing several security issues. They have been checked into SVN. I will test 1.8.5 tomorrow and ask for a freeze push. I will build and upload 1.6.13 as well. References (for Cauldron only): http://www.wireshark.org/security/wnpa-sec-2013-06.html http://www.wireshark.org/docs/relnotes/wireshark-1.8.5.html References (for the eventual Mageia 2 update): http://www.wireshark.org/security/wnpa-sec-2013-01.html http://www.wireshark.org/security/wnpa-sec-2013-02.html http://www.wireshark.org/security/wnpa-sec-2013-03.html http://www.wireshark.org/security/wnpa-sec-2013-04.html http://www.wireshark.org/security/wnpa-sec-2013-05.html http://www.wireshark.org/security/wnpa-sec-2013-07.html http://www.wireshark.org/security/wnpa-sec-2013-08.html http://www.wireshark.org/security/wnpa-sec-2013-09.html http://www.wireshark.org/docs/relnotes/wireshark-1.6.13.html http://www.wireshark.org/news/20130129.html
Updated packages uploaded for Mageia 2 and Cauldron. Advisory: ======================== Updated wireshark packages fix security vulnerabilities: Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors (wnpa-sec-2013-01). The CLNP dissector could crash (wnpa-sec-2013-02). The DTN dissector could crash (wnpa-sec-2013-03). The MS-MMC dissector (and possibly others) could crash (wnpa-sec-2013-04). The DTLS dissector could crash (wnpa-sec-2013-05). The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07). The Wireshark dissection engine could crash (wnpa-sec-2013-08). The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09). References: http://www.wireshark.org/security/wnpa-sec-2013-01.html http://www.wireshark.org/security/wnpa-sec-2013-02.html http://www.wireshark.org/security/wnpa-sec-2013-03.html http://www.wireshark.org/security/wnpa-sec-2013-04.html http://www.wireshark.org/security/wnpa-sec-2013-05.html http://www.wireshark.org/security/wnpa-sec-2013-07.html http://www.wireshark.org/security/wnpa-sec-2013-08.html http://www.wireshark.org/security/wnpa-sec-2013-09.html http://www.wireshark.org/docs/relnotes/wireshark-1.6.13.html http://www.wireshark.org/news/20130129.html ======================== Updated packages in core/updates_testing: ======================== wireshark-1.6.13-1.mga2 libwireshark1-1.6.13-1.mga2 libwireshark-devel-1.6.13-1.mga2 wireshark-tools-1.6.13-1.mga2 tshark-1.6.13-1.mga2 rawshark-1.6.13-1.mga2 dumpcap-1.6.13-1.mga2 from wireshark-1.6.13-1.mga2.src.rpm
Version: Cauldron => 2Assignee: bugsquad => qa-bugs
Some PoC's https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7871 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8112 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8111 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8213 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197
Testing mga2 32 Before ------ $ wireshark 8023-slow-protocols.pcap 17:05:20 Warn Dissector bug, protocol 802.3 Slow protocols, in packet 1: More than 1000000 items in the tree -- possible infinite loop 17:05:21 Warn Dissector bug, protocol 802.3 Slow protocols, in packet 1: More than 1000000 items in the tree -- possible infinite loop ^C The above causes max cpu load and the errors seen. Killed with ctrl-c. $ tshark -nr fuzz-2012-10-16-23114.pcap ...etc Segmentation Fault $ tshark -nr fuzz-2012-10-31-25737.pcap No ill effect, also tried with wireshark. $ wireshark packet-ms-mms.pcap No ill effect, also tried tshark. $ wireshark packet-dtls.pcap Segmentation fault $ tshark -nr process_packet.pcap No ill effect, but crashes with wireshark. $ wireshark process_packet.pcap 17:19:25 Err Memory corrupted Trace/breakpoint trap $ wireshark packet-per.pcap No error, also tried tshark. After ----- Repeated the tests without issue. Captures ok when started as root. Testing complete mga2 32
Whiteboard: (none) => has_procedure mga2-32-ok
Testing complete on Mageia 2 x86-64. Identical to i586 results. Could someone from the sysadmin team push the srpm wireshark-1.6.13-1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. Advisory: Updated wireshark packages fix security vulnerabilities: Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors (wnpa-sec-2013-01). The CLNP dissector could crash (wnpa-sec-2013-02). The DTN dissector could crash (wnpa-sec-2013-03). The MS-MMC dissector (and possibly others) could crash (wnpa-sec-2013-04). The DTLS dissector could crash (wnpa-sec-2013-05). The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07). The Wireshark dissection engine could crash (wnpa-sec-2013-08). The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09). References: http://www.wireshark.org/security/wnpa-sec-2013-01.html http://www.wireshark.org/security/wnpa-sec-2013-02.html http://www.wireshark.org/security/wnpa-sec-2013-03.html http://www.wireshark.org/security/wnpa-sec-2013-04.html http://www.wireshark.org/security/wnpa-sec-2013-05.html http://www.wireshark.org/security/wnpa-sec-2013-07.html http://www.wireshark.org/security/wnpa-sec-2013-08.html http://www.wireshark.org/security/wnpa-sec-2013-09.html http://www.wireshark.org/docs/relnotes/wireshark-1.6.13.html http://www.wireshark.org/news/20130129.html https://bugs.mageia.org/show_bug.cgi?id=8897
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugsWhiteboard: has_procedure mga2-32-ok => has_procedure mga2-32-ok MGA2-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0034
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED