Wireshark 2.4.2

This release fixes minor vulnerabilities that could be used to trigger dissector crashes or infinite loops by making Wireshark read specially crafted packages from the network or a capture file (boo#1062645): * CVE-2017-15192: BT ATT dissector crash (wnpa-sec-2017-42) * CVE-2017-15193: MBIM dissector crash (wnpa-sec-2017-43) * CVE-2017-15191: DMP dissector crash (wnpa-sec-2017-44) * CVE-2017-15190: RTSP dissector crash (wnpa-sec-2017-45) * CVE-2017-15189: DOCSIS infinite loop (wnpa-sec-2017-46) OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=232
2017-10-11 11:00:24 +00:00 · 2017-10-11 11:00:24 +00:00 · 1a5e352e8d
commit 1a5e352e8d
parent 1f980bccde
6 changed files with 78 additions and 65 deletions
--- a/SIGNATURES-2.4.1.txt
+++ b/SIGNATURES-2.4.1.txt
@ -1,60 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
-wireshark-2.4.1.tar.xz: 28780384 bytes
-SHA256(wireshark-2.4.1.tar.xz)=02ddbcf9b10f9dfa1e36eec00fe00cb5b5ce8e07203843baf056ac7909911fcd
-RIPEMD160(wireshark-2.4.1.tar.xz)=4e47f79741fe09ed404e03ab51be617abc3ae3d5
-SHA1(wireshark-2.4.1.tar.xz)=2a52aeefba0a45747b1e4593c82c6efc33aa4182
-MD5(wireshark-2.4.1.tar.xz)=22b925108e0b65d6560f0af161157266
-
-Wireshark-win32-2.4.1.exe: 53597448 bytes
-SHA256(Wireshark-win32-2.4.1.exe)=8a2be35c125010538692130af6fc4f9384e3a3caa4f49eec7fc17e238512c067
-RIPEMD160(Wireshark-win32-2.4.1.exe)=a9c9567857ca768835ed9ab040a2ae1b86df779f
-SHA1(Wireshark-win32-2.4.1.exe)=392c5eebe1aef355e6e660e34cb98ad2dde5e2b2
-MD5(Wireshark-win32-2.4.1.exe)=f7daa36cdd469bf067e258c9d1847ee6
-
-Wireshark-win64-2.4.1.exe: 59132608 bytes
-SHA256(Wireshark-win64-2.4.1.exe)=c97d6a43bca6e706975b45bfa99d320674003673f8bc8337954694ef14e6cc26
-RIPEMD160(Wireshark-win64-2.4.1.exe)=70efd612db44caa65f40946557891fd952445a4e
-SHA1(Wireshark-win64-2.4.1.exe)=0ccf8188aa3970adea3003c0e7bff12cd6d34313
-MD5(Wireshark-win64-2.4.1.exe)=2e71aed667c5a6de9acced176a504939
-
-Wireshark-win32-2.4.1.msi: 43048960 bytes
-SHA256(Wireshark-win32-2.4.1.msi)=467f29e274fa6da0072295198217ba324db7885d49f1d6e6e40008622ffe3ea0
-RIPEMD160(Wireshark-win32-2.4.1.msi)=16832d856347c305c14403e65c79f10c7961affd
-SHA1(Wireshark-win32-2.4.1.msi)=a04faea8ee31bbd621719605c95ade9536aebab6
-MD5(Wireshark-win32-2.4.1.msi)=9000a088689fcd24253d363a853bb7aa
-
-Wireshark-win64-2.4.1.msi: 48398336 bytes
-SHA256(Wireshark-win64-2.4.1.msi)=7a75a2eebfa197dd34c17707ddf6065921b24af58470fa85d44498402866db1c
-RIPEMD160(Wireshark-win64-2.4.1.msi)=13ae3e3cace6968af1507d26d5b0224f3a5c427c
-SHA1(Wireshark-win64-2.4.1.msi)=5f533bf7e6226ebb9d59f0cef149015869364e69
-MD5(Wireshark-win64-2.4.1.msi)=cfb3b9fe4b73e4cb6d5bfc0b37b7d841
-
-WiresharkPortable_2.4.1.paf.exe: 46309696 bytes
-SHA256(WiresharkPortable_2.4.1.paf.exe)=f75753a335cb6278527c21822c07a08a3ca977c83da23c7fc80c7bbdf3fabcce
-RIPEMD160(WiresharkPortable_2.4.1.paf.exe)=953ed214dc32d07fa5891ec8738180a21b95a0d2
-SHA1(WiresharkPortable_2.4.1.paf.exe)=3ac54e3129c82c919c8c00fd5ce28cd8d8230297
-MD5(WiresharkPortable_2.4.1.paf.exe)=bee21315ce99ecfff83f61d950be8d46
-
-Wireshark 2.4.1 Intel 64.dmg: 35197766 bytes
-SHA256(Wireshark 2.4.1 Intel 64.dmg)=cbf1f66020d049e645edd9ee8f0ebdd7d71d019d3fb2c44e028fcd65195b268b
-RIPEMD160(Wireshark 2.4.1 Intel 64.dmg)=37c33371a0b142fea753f3723f6a30f7476fea18
-SHA1(Wireshark 2.4.1 Intel 64.dmg)=d841c155e6aa8681cefdaffec4b95432de865957
-MD5(Wireshark 2.4.1 Intel 64.dmg)=911497d6ea05821321a824bae57d7835
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAlmluawACgkQgiRKeOb+
-ruo8BxAAogsZKu8S4y6VdpaZtJJA7SJChbtFnCn87rXgpYxwJkUBIXmf/B9Qj8Vp
-e6wYmz5ijwngyLjeosvfA7TLiO4yVxTB8gpJyrAxSrDF7HBE33ZNnJmHys1GzEYS
-5CG7e0QuaB6MYHuALkIgDCW39o8n9empd0ceKuPEtjf/YjcGLgz+qbvMMQ2l9Mqv
-eVMZrzZaL6jBO/os9XbVwIWhC8tT6sQ0WNKAGgIyY75SGWAUKEzM23JpToq/Dlv2
-5dJxTMYl4yKZQXDpxvFc9xpro6GyVzYrqj668zrwmaF2V/c/9ujU3YJ84RzI8KKq
-RJSFw6cyFu9J5SBlX1opaUg0I8sVJ8gdJI10THjSlW3QCN2z4Rry/YPMjyj7Sf64
-wcklGajDQsjOtjsp5x3ijRbeOD7Z02AJRws8ugh/lKAxOfWF4RMdM+rBeLSVD7AZ
-z9edBVM7wXbBnrrIZuUZZt4oXZwUa6HGJQmb/ZXzBg6FuL4g2EX2cb+2TNN31rfX
-NMJVA//no7DDUWdXbL4A4W9/igf2tD5DgLfFSHdewYpsUIr0w/oWy40BwpBQ5U1O
-Vo41UMGSQK/b6Ep2T3iDyo/xwuZLeYQGP/j3s1FPbjVDtTBscb00F/Lit9SMr/Nk
-PblN5mZB1nAlCgDWcH/c4W1TGK+4MCsUjaRTYjIz2NZlgwy+iVk=
-=JnJn
-----END PGP SIGNATURE-----
--- a/SIGNATURES-2.4.2.txt
+++ b/SIGNATURES-2.4.2.txt
@ -0,0 +1,60 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+wireshark-2.4.2.tar.xz: 28791712 bytes
+SHA256(wireshark-2.4.2.tar.xz)=d1acb24735fd35e18e9b7a0555ec58277c2b87da45a19ebeb8087c3dda55f47d
+RIPEMD160(wireshark-2.4.2.tar.xz)=3cbe6dfeecc7bf092064e1f91915c413d6cce2de
+SHA1(wireshark-2.4.2.tar.xz)=93e1eff9380015a8a9df473ffa38ba0635d25238
+
+Wireshark-win64-2.4.2.exe: 57888880 bytes
+SHA256(Wireshark-win64-2.4.2.exe)=ef372d8c4e8873a75d2de4028cb4fc7e23db2913de47086e4046f338bbfc6ddc
+RIPEMD160(Wireshark-win64-2.4.2.exe)=a601f1a379a1e5e5b830c20838b868a43188c060
+SHA1(Wireshark-win64-2.4.2.exe)=52279fd00aea1e164160789545ddb50a59e59088
+
+Wireshark-win32-2.4.2.exe: 52669688 bytes
+SHA256(Wireshark-win32-2.4.2.exe)=bcdf1cb77e7bf56b1f99b5d9abd9c555c89b4f32d2a865d5f13b3e43238bfdf8
+RIPEMD160(Wireshark-win32-2.4.2.exe)=5c79f6155bab4134ea16a83a5dcc307ca534188e
+SHA1(Wireshark-win32-2.4.2.exe)=da297b6d068cd2313c5cb04333a92160fcff59ce
+
+Wireshark-win32-2.4.2.msi: 41938944 bytes
+SHA256(Wireshark-win32-2.4.2.msi)=11dcf44a87f7f1e3dd514dff7ee49b0e61e59e37d2c881173d027ef9723137c1
+RIPEMD160(Wireshark-win32-2.4.2.msi)=542c0a17ff990d525495dbf92aa3d83d63572ee9
+SHA1(Wireshark-win32-2.4.2.msi)=ea5b56b7a9a861d80420a85e3d27c77ba3b8b009
+
+Wireshark-win64-2.4.2.msi: 47005696 bytes
+SHA256(Wireshark-win64-2.4.2.msi)=8e4e68751c01b1c89a2b5f07bc2001ab42431462043118f1aae1dacf4df23bf1
+RIPEMD160(Wireshark-win64-2.4.2.msi)=d8977ecc66cddcb5cde24435efbf15bdd1a76a95
+SHA1(Wireshark-win64-2.4.2.msi)=3b6e9e9acac5538ba433a4c0c82be47df6ddd018
+
+WiresharkPortable_2.4.2.paf.exe: 45299336 bytes
+SHA256(WiresharkPortable_2.4.2.paf.exe)=9aa5c49d28f5ec06db0afb7e31c0aa6cad449f9c74f5dc8a04d504631d752da3
+RIPEMD160(WiresharkPortable_2.4.2.paf.exe)=7cb47e45e82d050423192958e5ad99fb92d56f60
+SHA1(WiresharkPortable_2.4.2.paf.exe)=6c7051ab7dbf8f3739ec071e3409f6180cfd0bcc
+
+Wireshark 2.4.2 Intel 64.dmg: 35217464 bytes
+SHA256(Wireshark 2.4.2 Intel 64.dmg)=111ff7313055ebbc72a2fee4f7b691c723e182c777f5341fd74b279b106686e8
+RIPEMD160(Wireshark 2.4.2 Intel 64.dmg)=ce9988494a9f125e878f8b50e21ebafb488e90c3
+SHA1(Wireshark 2.4.2 Intel 64.dmg)=c1e5c248e0e3793af793dfcf1342cebae33401ee
+
+You can validate these hashes using the following commands (among others):
+
+    Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
+    Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
+    macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg"
+    Other: openssl sha256 wireshark-x.y.z.tar.xz
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAlndHcwACgkQgiRKeOb+
+rupDow/+IIRv/SD6gb87vSTz7zL8O57eZHZWZVCLuyBW1tIouX1eBVMWXUHXuppe
+DEuSOOHwXUjIU51qjS4sv4rKCv6kzM/umBPBVR7utWtPxPw9oms8rVFASlBDjyud
+vMC8T8RGpY1XhsQJiYg4dAEcYLOkH73f8z46Sp3UMstXzIs64meKeQLcG2oBbP++
+yJbQiVQXJL/LPN1spTy16Q+v1GJQ1sIyw+ptoAl6M7N598Cwwvh+geuvDVE6BsjI
+gi211PJ4Zbm8P9uVQgiVOwv5RsUBeGyPZmn+ASZp7bLNtaHdZ44xawuQ3hqqIpr1
+DBaohc55IymHkIWECMDK6bqkRLDYkO+7HnmF1XKiUJ6/Rn5qqLc4GahDPNIHonVE
+e/9WL5aBCDjetaTFT3UQJLi9c9+ZhGiyGB9WiFaRBovm8+NodZ9Kj+sFJ/cnXsSG
+PI0o6I4P7r0NyEhoeovMbyRfa8CUnnCgD4r8XpIrdZbpa9jfzRHm8kMF7wrgxaVS
+UG7DtvFaQuvoxE9Fi6bQQYHQwZOjaZ3aLdnZXUP61g5qbjF1MywiEnjkMWVOzdrb
+egqUwbGLrhtbOfgVtCL6TI+RrHt5rxQVecNn/l1FoM1Gsqo31884hBDaHyJsjOCJ
+8YIn/Y1Fu6TE6YGTyQtW3z2h29cCnChqiHjohqB/NYGV8K3Oz7I=
+=nEZj
+-----END PGP SIGNATURE-----
--- a/wireshark-2.4.1.tar.xz
+++ b/wireshark-2.4.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:02ddbcf9b10f9dfa1e36eec00fe00cb5b5ce8e07203843baf056ac7909911fcd
-size 28780384
--- a/wireshark-2.4.2.tar.xz
+++ b/wireshark-2.4.2.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d1acb24735fd35e18e9b7a0555ec58277c2b87da45a19ebeb8087c3dda55f47d
+size 28791712
--- a/wireshark.changes
+++ b/wireshark.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Wed Oct 11 09:54:25 UTC 2017 - astieger@suse.com
+
+- Wireshark 2.4.2:
+  This release fixes minor vulnerabilities that could be used to
+  trigger dissector crashes or infinite loops by making Wireshark
+  read specially crafted packages from the network or a capture
+  file (boo#1062645):
+  * CVE-2017-15192: BT ATT dissector crash (wnpa-sec-2017-42)
+  * CVE-2017-15193: MBIM dissector crash (wnpa-sec-2017-43)
+  * CVE-2017-15191: DMP dissector crash (wnpa-sec-2017-44)
+  * CVE-2017-15190: RTSP dissector crash (wnpa-sec-2017-45)
+  * CVE-2017-15189: DOCSIS infinite loop (wnpa-sec-2017-46)  
+
 -------------------------------------------------------------------
 Thu Sep  7 17:06:44 UTC 2017 - jmatejek@suse.com

--- a/wireshark.spec
+++ b/wireshark.spec
@ -36,7 +36,7 @@
 %bcond_with geoip
 %endif
 Name:           wireshark
-Version:        2.4.1
+Version:        2.4.2
 Release:        0
 Summary:        A Network Traffic Analyser
 License:        GPL-2.0+ AND GPL-3.0+
@ -193,7 +193,6 @@ This package contains the Qt based UI for Wireshark.
 %prep
 # The publisher doesn't sign the source tarball, but a signatures file containing multiple hashes.
 # Verify hashes in that file against source tarball.
-echo "`grep %{name}-%{version}.tar.xz %{SOURCE2} | grep MD5 | head -n1 | cut -d= -f2`  %{SOURCE0}" | md5sum -c
 echo "`grep %{name}-%{version}.tar.xz %{SOURCE2} | grep SHA1 | head -n1 | cut -d= -f2`  %{SOURCE0}" | sha1sum -c
 echo "`grep %{name}-%{version}.tar.xz %{SOURCE2} | grep SHA256 | head -n1 | cut -d= -f2`  %{SOURCE0}" | sha256sum -c