Описание
Security update for wireshark
This update for wireshark fixes the following issues:
Update to version 3.6.22:
- CVE-2024-4854: MONGO and ZigBee TLV dissector infinite loops (bsc#1224274)
- CVE-2024-4853: The editcap command line utility could crash when chopping bytes from the beginning of a packet (bsc#1224259)
- CVE-2024-4855: The editcap command line utility could crash when injecting secrets while writing multiple files (bsc#1224276)
Список пакетов
Image SLES15-SP6-SAP-Azure-LI-BYOS
wireshark-3.6.23-150600.18.3.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
wireshark-3.6.23-150600.18.3.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
wireshark-3.6.23-150600.18.3.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
wireshark-3.6.23-150600.18.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libwireshark15-3.6.23-150600.18.3.1
libwiretap12-3.6.23-150600.18.3.1
libwsutil13-3.6.23-150600.18.3.1
wireshark-3.6.23-150600.18.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
wireshark-devel-3.6.23-150600.18.3.1
wireshark-ui-qt-3.6.23-150600.18.3.1
openSUSE Leap 15.6
libwireshark15-3.6.23-150600.18.3.1
libwiretap12-3.6.23-150600.18.3.1
libwsutil13-3.6.23-150600.18.3.1
wireshark-3.6.23-150600.18.3.1
wireshark-devel-3.6.23-150600.18.3.1
wireshark-ui-qt-3.6.23-150600.18.3.1
Ссылки
- Link for SUSE-SU-2024:2265-1
- E-Mail link for SUSE-SU-2024:2265-1
- SUSE Security Ratings
- SUSE Bug 1224259
- SUSE Bug 1224274
- SUSE Bug 1224276
- SUSE CVE CVE-2024-4853 page
- SUSE CVE CVE-2024-4854 page
- SUSE CVE CVE-2024-4855 page
Описание
Memory handling issue in editcap could cause denial of service via crafted capture file
Затронутые продукты
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production:wireshark-3.6.23-150600.18.3.1
Image SLES15-SP6-SAP-Azure-LI-BYOS:wireshark-3.6.23-150600.18.3.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production:wireshark-3.6.23-150600.18.3.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS:wireshark-3.6.23-150600.18.3.1
Ссылки
- CVE-2024-4853
- SUSE Bug 1224259
Описание
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file
Затронутые продукты
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production:wireshark-3.6.23-150600.18.3.1
Image SLES15-SP6-SAP-Azure-LI-BYOS:wireshark-3.6.23-150600.18.3.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production:wireshark-3.6.23-150600.18.3.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS:wireshark-3.6.23-150600.18.3.1
Ссылки
- CVE-2024-4854
- SUSE Bug 1224274
Описание
Use after free issue in editcap could cause denial of service via crafted capture file
Затронутые продукты
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production:wireshark-3.6.23-150600.18.3.1
Image SLES15-SP6-SAP-Azure-LI-BYOS:wireshark-3.6.23-150600.18.3.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production:wireshark-3.6.23-150600.18.3.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS:wireshark-3.6.23-150600.18.3.1
Ссылки
- CVE-2024-4855
- SUSE Bug 1224276