openSUSE-SU-2021:2125-1

Published: 10 Jul 2021
Source: suse-cvrf

Description

Security update for wireshark

This update for wireshark, libvirt, sbc and libqt5-qtmultimedia fixes the following issues:

Update wireshark to version 3.4.5

  • New and updated support and bug fixes for multiple protocols
  • Asynchronous DNS resolution is always enabled
  • Protobuf fields can be dissected as Wireshark (header) fields
  • UI improvements

Including security fixes for:

  • CVE-2021-22191: Wireshark could open unsafe URLs (bsc#1183353).
  • CVE-2021-22207: MS-WSP dissector excessive memory consumption (bsc#1185128)
  • CVE-2020-26422: QUIC dissector crash (bsc#1180232)
  • CVE-2020-26418: Kafka dissector memory leak (bsc#1179930)
  • CVE-2020-26419: Multiple dissector memory leaks (bsc#1179931)
  • CVE-2020-26420: RTPS dissector memory leak (bsc#1179932)
  • CVE-2020-26421: USB HID dissector crash (bsc#1179933)
  • CVE-2021-22173: Fix USB HID dissector memory leak (bsc#1181598)
  • CVE-2021-22174: Fix USB HID dissector crash (bsc#1181599)

libqt5-qtmultimedia and sbc are necessary dependencies. libvirt is needed to rebuild wireshark-plugin-libvirt.

Package list

openSUSE Leap 15.3
libsbc1-1.3-3.2.1
libsbc1-32bit-1.3-3.2.1
libwireshark14-3.4.5-3.53.1
libwiretap11-3.4.5-3.53.1
libwsutil12-3.4.5-3.53.1
sbc-1.3-3.2.1
sbc-devel-1.3-3.2.1
wireshark-3.4.5-3.53.1
wireshark-devel-3.4.5-3.53.1
wireshark-ui-qt-3.4.5-3.53.1

Description

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.


Affected products
openSUSE Leap 15.3:libsbc1-1.3-3.2.1
openSUSE Leap 15.3:libsbc1-32bit-1.3-3.2.1
openSUSE Leap 15.3:libwireshark14-3.4.5-3.53.1
openSUSE Leap 15.3:libwiretap11-3.4.5-3.53.1

References

Description

Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.


Affected products
openSUSE Leap 15.3:libsbc1-1.3-3.2.1
openSUSE Leap 15.3:libsbc1-32bit-1.3-3.2.1
openSUSE Leap 15.3:libwireshark14-3.4.5-3.53.1
openSUSE Leap 15.3:libwiretap11-3.4.5-3.53.1

References

Description

Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.


Affected products
openSUSE Leap 15.3:libsbc1-1.3-3.2.1
openSUSE Leap 15.3:libsbc1-32bit-1.3-3.2.1
openSUSE Leap 15.3:libwireshark14-3.4.5-3.53.1
openSUSE Leap 15.3:libwiretap11-3.4.5-3.53.1

References

Description

Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.


Affected products
openSUSE Leap 15.3:libsbc1-1.3-3.2.1
openSUSE Leap 15.3:libsbc1-32bit-1.3-3.2.1
openSUSE Leap 15.3:libwireshark14-3.4.5-3.53.1
openSUSE Leap 15.3:libwiretap11-3.4.5-3.53.1

References

Description

Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file


Affected products
openSUSE Leap 15.3:libsbc1-1.3-3.2.1
openSUSE Leap 15.3:libsbc1-32bit-1.3-3.2.1
openSUSE Leap 15.3:libwireshark14-3.4.5-3.53.1
openSUSE Leap 15.3:libwiretap11-3.4.5-3.53.1

References

Description

Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file


Affected products
openSUSE Leap 15.3:libsbc1-1.3-3.2.1
openSUSE Leap 15.3:libsbc1-32bit-1.3-3.2.1
openSUSE Leap 15.3:libwireshark14-3.4.5-3.53.1
openSUSE Leap 15.3:libwiretap11-3.4.5-3.53.1

References

Description

Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file


Affected products
openSUSE Leap 15.3:libsbc1-1.3-3.2.1
openSUSE Leap 15.3:libsbc1-32bit-1.3-3.2.1
openSUSE Leap 15.3:libwireshark14-3.4.5-3.53.1
openSUSE Leap 15.3:libwiretap11-3.4.5-3.53.1

References

Description

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file.


Affected products
openSUSE Leap 15.3:libsbc1-1.3-3.2.1
openSUSE Leap 15.3:libsbc1-32bit-1.3-3.2.1
openSUSE Leap 15.3:libwireshark14-3.4.5-3.53.1
openSUSE Leap 15.3:libwiretap11-3.4.5-3.53.1

References

Description

Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file


Affected products
openSUSE Leap 15.3:libsbc1-1.3-3.2.1
openSUSE Leap 15.3:libsbc1-32bit-1.3-3.2.1
openSUSE Leap 15.3:libwireshark14-3.4.5-3.53.1
openSUSE Leap 15.3:libwiretap11-3.4.5-3.53.1

References