Security Advisory Moderate: wireshark security and bug fix update

Advisory: RHSA-2017:0631-1
Type: Security Advisory
Severity: Moderate
Issued on: 2017-03-21
Last updated on: 2017-03-21
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2013-4075
CVE-2015-3811
CVE-2015-3812
CVE-2015-3813

Details

An update for wireshark is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The wireshark packages contain a network protocol analyzer used to capture and
browse the traffic running on a computer network.

Security Fix(es):

* Several denial of service flaws were found in Wireshark. Wireshark could crash
or stop responding if it read a malformed packet off a network, or opened a
malicious dump file. (CVE-2015-3811, CVE-2015-3812, CVE-2015-3813,
CVE-2013-4075)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise
Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked
from the References section.


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Wireshark must be restarted for the update to take
effect.

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
wireshark-1.8.10-25.el6.src.rpm     MD5: be6254ad023be333241961ee43d64980
SHA-256: 55cdcc1a89d78e55dfa2cd9620549823894428a186cb574f4eae4eac0b73a74c
 
IA-32:
wireshark-1.8.10-25.el6.i686.rpm     MD5: 3bf990eeb79f9d6399e943c0903bf80c
SHA-256: e241427c67b49b3cf10b52ffcea6716666d37ea28f4340c74cda4c8071ab8c54
wireshark-debuginfo-1.8.10-25.el6.i686.rpm     MD5: 81483e3cec2a3ebbbbfd7577fc32036e
SHA-256: 5b73f3191bf181bf903771c9a68fb1d3fb2d440da37a53b0c0b471aff2a48294
wireshark-devel-1.8.10-25.el6.i686.rpm     MD5: 3fd838eeb3ae321e4f7eedc3e469afef
SHA-256: 363e99b5e323546220550db0ac3276ecb410687bb2e5f104735284bdeecaa6b8
wireshark-gnome-1.8.10-25.el6.i686.rpm     MD5: e36d55a7852c1a655b341c16a2a0737d
SHA-256: cf8c2e3bbb0f8e1585b2927d41cead482cbd7baaf30b9aced529fe42a93ceb67
 
x86_64:
wireshark-1.8.10-25.el6.i686.rpm     MD5: 3bf990eeb79f9d6399e943c0903bf80c
SHA-256: e241427c67b49b3cf10b52ffcea6716666d37ea28f4340c74cda4c8071ab8c54
wireshark-1.8.10-25.el6.x86_64.rpm     MD5: 086ab3d6dec7bcc6d7da30fc2584e88e
SHA-256: b070ee6a043ba92b05721e3fd4eab2a5969f0230ba885ec93ae8dbb17c87b7a2
wireshark-debuginfo-1.8.10-25.el6.i686.rpm     MD5: 81483e3cec2a3ebbbbfd7577fc32036e
SHA-256: 5b73f3191bf181bf903771c9a68fb1d3fb2d440da37a53b0c0b471aff2a48294
wireshark-debuginfo-1.8.10-25.el6.x86_64.rpm     MD5: c8de78bcb5743d0c1fe13115ad966578
SHA-256: c10b2a38acff03c1f0da25dee1289bb2c446f464b74f4c243e40a05cdaf1c51f
wireshark-devel-1.8.10-25.el6.i686.rpm     MD5: 3fd838eeb3ae321e4f7eedc3e469afef
SHA-256: 363e99b5e323546220550db0ac3276ecb410687bb2e5f104735284bdeecaa6b8
wireshark-devel-1.8.10-25.el6.x86_64.rpm     MD5: 5093549a0b2599c7388ffd17100b4ea3
SHA-256: 2ee68d06a6e8002f2c6f0d38af73ac235fc92180dddb3261ad4cecd39de569b0
wireshark-gnome-1.8.10-25.el6.x86_64.rpm     MD5: ac8d1008d560110dffc5fe13bc9bd569
SHA-256: 250c5348be6e30391b38b030a25a73066fb0d5c577744ab8c232888283f9733b
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
wireshark-1.8.10-25.el6.src.rpm     MD5: be6254ad023be333241961ee43d64980
SHA-256: 55cdcc1a89d78e55dfa2cd9620549823894428a186cb574f4eae4eac0b73a74c
 
IA-32:
wireshark-1.8.10-25.el6.i686.rpm     MD5: 3bf990eeb79f9d6399e943c0903bf80c
SHA-256: e241427c67b49b3cf10b52ffcea6716666d37ea28f4340c74cda4c8071ab8c54
wireshark-debuginfo-1.8.10-25.el6.i686.rpm     MD5: 81483e3cec2a3ebbbbfd7577fc32036e
SHA-256: 5b73f3191bf181bf903771c9a68fb1d3fb2d440da37a53b0c0b471aff2a48294
wireshark-devel-1.8.10-25.el6.i686.rpm     MD5: 3fd838eeb3ae321e4f7eedc3e469afef
SHA-256: 363e99b5e323546220550db0ac3276ecb410687bb2e5f104735284bdeecaa6b8
wireshark-gnome-1.8.10-25.el6.i686.rpm     MD5: e36d55a7852c1a655b341c16a2a0737d
SHA-256: cf8c2e3bbb0f8e1585b2927d41cead482cbd7baaf30b9aced529fe42a93ceb67
 
PPC:
wireshark-1.8.10-25.el6.ppc.rpm     MD5: 760dc93642ba887b540bec05be78d63d
SHA-256: 16dfb5ee3da53974406a8dbf3545ff3b03da6fc6b64df6c5a09b3662734387fa
wireshark-1.8.10-25.el6.ppc64.rpm     MD5: 92cc9d2324cda44907764f0f05001ce4
SHA-256: c7112dd084b6d03e9e5fab220ca5480873b9dee5bf8af14502cf3ad33fea3a02
wireshark-debuginfo-1.8.10-25.el6.ppc.rpm     MD5: c3aa19fa2e8289b3995b04762e9a925e
SHA-256: 8bbd6b42084c14dec41343b7fd27eb5dc6eb6fe099101eedc7557095a4ce0a54
wireshark-debuginfo-1.8.10-25.el6.ppc64.rpm     MD5: 001768e447dbfd93b7891f95949950c8
SHA-256: 4460d23ce4f91b23714ad9081c48096149d616755810815e89c2edf551b69bb7
wireshark-devel-1.8.10-25.el6.ppc.rpm     MD5: 22232824f4a49e73f4d53186a50c85b5
SHA-256: e18d548f4b28c0768088b72fb77bdb15718b047d686a37c6f4cf7bee6703ce76
wireshark-devel-1.8.10-25.el6.ppc64.rpm     MD5: 79d2d3854470589370a0324be2a81460
SHA-256: 946f24253f59900bd8b1d615b5ed59bc64f3db7ee01f255754c4f30b545c33ec
wireshark-gnome-1.8.10-25.el6.ppc64.rpm     MD5: f7a43147317dfed2aa5fc4ce1758d608
SHA-256: 89317113c1926281b6842a5228664cb6d1e15daa339225dc84972506e79dfc52
 
s390x:
wireshark-1.8.10-25.el6.s390.rpm     MD5: 282bd1278a3192247adf1c5d7a48dd72
SHA-256: d5fb0c1fe7a25fa6297f75f89aa9d1eee417fe304d74ba093798feb2db09c21d
wireshark-1.8.10-25.el6.s390x.rpm     MD5: 8508b8c47076aa4657684055ada79c14
SHA-256: f156ea298ae12f54af83580791fa06c7237d4adeac52f9eefe68b88729cfec18
wireshark-debuginfo-1.8.10-25.el6.s390.rpm     MD5: 9c94ad6edc34cae0c2f4f749b9a5f3f8
SHA-256: 0a8524b22087c3cb937e142c48e981c6bbb73c46940c4d518da3aaf80af341c9
wireshark-debuginfo-1.8.10-25.el6.s390x.rpm     MD5: b95fb41583048c0d2aa272be03e092dd
SHA-256: b9defe7be455c1877b8b834861ab5f46e71f7ddcc3f4b176daade358b74aff01
wireshark-devel-1.8.10-25.el6.s390.rpm     MD5: 1b40a545c33479292449a64c292b7342
SHA-256: bc21ebfebc7593df5756d8162ec298dfd4980992023fcfd9c0950c737ebb2cfd
wireshark-devel-1.8.10-25.el6.s390x.rpm     MD5: c2f53d88b4b4f763026501abe735d447
SHA-256: 12fad7778fda70afdc4379ebe6672891f95ca9361ae957d722e629f57f79d2a0
wireshark-gnome-1.8.10-25.el6.s390x.rpm     MD5: d2bc7555df88d5b2f82a29c90675e024
SHA-256: d72f0b3c963d7936a85fcef3414986b27b6b7493369a4db993a99aff074a2f3b
 
x86_64:
wireshark-1.8.10-25.el6.i686.rpm     MD5: 3bf990eeb79f9d6399e943c0903bf80c
SHA-256: e241427c67b49b3cf10b52ffcea6716666d37ea28f4340c74cda4c8071ab8c54
wireshark-1.8.10-25.el6.x86_64.rpm     MD5: 086ab3d6dec7bcc6d7da30fc2584e88e
SHA-256: b070ee6a043ba92b05721e3fd4eab2a5969f0230ba885ec93ae8dbb17c87b7a2
wireshark-debuginfo-1.8.10-25.el6.i686.rpm     MD5: 81483e3cec2a3ebbbbfd7577fc32036e
SHA-256: 5b73f3191bf181bf903771c9a68fb1d3fb2d440da37a53b0c0b471aff2a48294
wireshark-debuginfo-1.8.10-25.el6.x86_64.rpm     MD5: c8de78bcb5743d0c1fe13115ad966578
SHA-256: c10b2a38acff03c1f0da25dee1289bb2c446f464b74f4c243e40a05cdaf1c51f
wireshark-devel-1.8.10-25.el6.i686.rpm     MD5: 3fd838eeb3ae321e4f7eedc3e469afef
SHA-256: 363e99b5e323546220550db0ac3276ecb410687bb2e5f104735284bdeecaa6b8
wireshark-devel-1.8.10-25.el6.x86_64.rpm     MD5: 5093549a0b2599c7388ffd17100b4ea3
SHA-256: 2ee68d06a6e8002f2c6f0d38af73ac235fc92180dddb3261ad4cecd39de569b0
wireshark-gnome-1.8.10-25.el6.x86_64.rpm     MD5: ac8d1008d560110dffc5fe13bc9bd569
SHA-256: 250c5348be6e30391b38b030a25a73066fb0d5c577744ab8c232888283f9733b
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
wireshark-1.8.10-25.el6.src.rpm     MD5: be6254ad023be333241961ee43d64980
SHA-256: 55cdcc1a89d78e55dfa2cd9620549823894428a186cb574f4eae4eac0b73a74c
 
IA-32:
wireshark-1.8.10-25.el6.i686.rpm     MD5: 3bf990eeb79f9d6399e943c0903bf80c
SHA-256: e241427c67b49b3cf10b52ffcea6716666d37ea28f4340c74cda4c8071ab8c54
wireshark-debuginfo-1.8.10-25.el6.i686.rpm     MD5: 81483e3cec2a3ebbbbfd7577fc32036e
SHA-256: 5b73f3191bf181bf903771c9a68fb1d3fb2d440da37a53b0c0b471aff2a48294
wireshark-devel-1.8.10-25.el6.i686.rpm     MD5: 3fd838eeb3ae321e4f7eedc3e469afef
SHA-256: 363e99b5e323546220550db0ac3276ecb410687bb2e5f104735284bdeecaa6b8
wireshark-gnome-1.8.10-25.el6.i686.rpm     MD5: e36d55a7852c1a655b341c16a2a0737d
SHA-256: cf8c2e3bbb0f8e1585b2927d41cead482cbd7baaf30b9aced529fe42a93ceb67
 
x86_64:
wireshark-1.8.10-25.el6.i686.rpm     MD5: 3bf990eeb79f9d6399e943c0903bf80c
SHA-256: e241427c67b49b3cf10b52ffcea6716666d37ea28f4340c74cda4c8071ab8c54
wireshark-1.8.10-25.el6.x86_64.rpm     MD5: 086ab3d6dec7bcc6d7da30fc2584e88e
SHA-256: b070ee6a043ba92b05721e3fd4eab2a5969f0230ba885ec93ae8dbb17c87b7a2
wireshark-debuginfo-1.8.10-25.el6.i686.rpm     MD5: 81483e3cec2a3ebbbbfd7577fc32036e
SHA-256: 5b73f3191bf181bf903771c9a68fb1d3fb2d440da37a53b0c0b471aff2a48294
wireshark-debuginfo-1.8.10-25.el6.x86_64.rpm     MD5: c8de78bcb5743d0c1fe13115ad966578
SHA-256: c10b2a38acff03c1f0da25dee1289bb2c446f464b74f4c243e40a05cdaf1c51f
wireshark-devel-1.8.10-25.el6.i686.rpm     MD5: 3fd838eeb3ae321e4f7eedc3e469afef
SHA-256: 363e99b5e323546220550db0ac3276ecb410687bb2e5f104735284bdeecaa6b8
wireshark-devel-1.8.10-25.el6.x86_64.rpm     MD5: 5093549a0b2599c7388ffd17100b4ea3
SHA-256: 2ee68d06a6e8002f2c6f0d38af73ac235fc92180dddb3261ad4cecd39de569b0
wireshark-gnome-1.8.10-25.el6.x86_64.rpm     MD5: ac8d1008d560110dffc5fe13bc9bd569
SHA-256: 250c5348be6e30391b38b030a25a73066fb0d5c577744ab8c232888283f9733b
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1222436 - CVE-2015-3811 wireshark: WCP dissector crash (wnpa-sec-2015-14)
1222437 - CVE-2015-3812 wireshark: X11 memory leak (wnpa-sec-2015-15)
1222438 - CVE-2015-3813 wireshark: Reassembly memory leak (wnpa-sec-2015-16)
1222895 - Problems decoding TLS Server Key Exchange messages
1222902 - Encrypt-then-MAC TLS extension unrecognised
1238166 - tshark -F option fails to create capture files in .pcap format.
1240675 - No dissection of the TLS Certificate Verify message
972680 - CVE-2013-4075 wireshark: DoS (crash) in the GMR-1 BCCH dissector (wnpa-sec-2013-33)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/