Description
Security update for wireshark
This update for wireshark fixes the following issues:
wireshark was updated from version 3.6.23 to version 4.2.6 (jsc#PED-8517):
Security issues fixed with this update:
- CVE-2024-0207: HTTP3 dissector crash (bsc#1218503)
- CVE-2024-0210: Zigbee TLV dissector crash (bsc#1218506)
- CVE-2024-0211: DOCSIS dissector crash (bsc#1218507)
- CVE-2023-6174: Fixed SSH dissector crash (bsc#1217247)
- CVE-2023-6175: NetScreen file parser crash (bsc#1217272)
- CVE-2023-5371: RTPS dissector memory leak (bsc#1215959)
- CVE-2023-3649: iSCSI dissector crash (bsc#1213318)
- CVE-2023-2854: BLF file parser crash (bsc#1211708)
- CVE-2023-0666: RTPS dissector crash (bsc#1211709)
- CVE-2023-0414: EAP dissector crash (bsc#1207666)
Major changes introduced with versions 4.2.0 and 4.0.0:
Added an additional desktop file to start wireshark which asks for the super user password.
Package list
Image SLES15-SP6-SAP-Azure-LI-BYOS
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
Image SLES15-SP6-SAP-Azure-VLI-BYOS
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise Module for Basesystem 15 SP6
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
openSUSE Leap 15.6
References
- Link for SUSE-SU-2024:3165-1
- E-Mail link for SUSE-SU-2024:3165-1
- SUSE Security Ratings
- SUSE Bug 1207666
- SUSE Bug 1211708
- SUSE Bug 1211709
- SUSE Bug 1213318
- SUSE Bug 1215959
- SUSE Bug 1217247
- SUSE Bug 1217272
- SUSE Bug 1218503
- SUSE Bug 1218506
- SUSE Bug 1218507
- SUSE Bug 1222030
- SUSE CVE CVE-2023-0414 page
- SUSE CVE CVE-2023-0666 page
- SUSE CVE CVE-2023-2854 page
- SUSE CVE CVE-2023-3649 page
- SUSE CVE CVE-2023-5371 page
- SUSE CVE CVE-2023-6174 page
Description
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file
Affected products
References
- CVE-2023-0414
- SUSE Bug 1207666
Description
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Affected products
References
- CVE-2023-0666
- SUSE Bug 1211709
Description
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
Affected products
References
- CVE-2023-2854
- SUSE Bug 1211708
Description
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
Affected products
References
- CVE-2023-3649
- SUSE Bug 1213318
Description
RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file
Affected products
References
- CVE-2023-5371
- SUSE Bug 1215959
Description
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file
Affected products
References
- CVE-2023-6174
- SUSE Bug 1217247
Description
NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file
Affected products
References
- CVE-2023-6175
- SUSE Bug 1217272
Description
HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Affected products
References
- CVE-2024-0207
- SUSE Bug 1218503
Description
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Affected products
References
- CVE-2024-0210
- SUSE Bug 1218506
Description
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Affected products
References
- CVE-2024-0211
- SUSE Bug 1218507
Description
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file
Affected products
References
- CVE-2024-2955
- SUSE Bug 1222030