openSUSE: 2023:0678-1 Critical: Wireshark Memory Optimization Updates
opensuse
July 10, 2021
An update that solves 9 vulnerabilities and has two fixes is now available
Description
This update for wireshark, libvirt, sbc and libqt5-qtmultimedia fixes the
following issues:
Update wireshark to version 3.4.5
- New and updated support and bug fixes for multiple protocols
- Asynchronous DNS resolution is always enabled
- Protobuf fields can be dissected as Wireshark (header) fields
- UI improvements
Including security fixes for:
- CVE-2021-22191: Wireshark could open unsafe URLs (bsc#1183353).
- CVE-2021-22207: MS-WSP dissector excessive memory consumption
(bsc#1185128)
- CVE-2020-26422: QUIC dissector crash (bsc#1180232)
- CVE-2020-26418: Kafka dissector memory leak (bsc#1179930)
- CVE-2020-26419: Multiple dissector memory leaks (bsc#1179931)
- CVE-2020-26420: RTPS dissector memory leak (bsc#1179932)
- CVE-2020-26421: USB HID dissector crash (bsc#1179933)
- CVE-2021-22173: Fix USB HID dissector memory leak (bsc#1181598)
- CVE-2021-22174: Fix USB HID dissector crash (bsc#1181599)
libqt5-qtmultimedia and...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2125=1
Package List
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libsbc1-1.3-3.2.1
libsbc1-debuginfo-1.3-3.2.1
libwireshark14-3.4.5-3.53.1
libwireshark14-debuginfo-3.4.5-3.53.1
libwiretap11-3.4.5-3.53.1
libwiretap11-debuginfo-3.4.5-3.53.1
libwsutil12-3.4.5-3.53.1
libwsutil12-debuginfo-3.4.5-3.53.1
sbc-1.3-3.2.1
sbc-debuginfo-1.3-3.2.1
sbc-debugsource-1.3-3.2.1
sbc-devel-1.3-3.2.1
wireshark-3.4.5-3.53.1
wireshark-debuginfo-3.4.5-3.53.1
wireshark-debugsource-3.4.5-3.53.1
wireshark-devel-3.4.5-3.53.1
wireshark-ui-qt-3.4.5-3.53.1
wireshark-ui-qt-debuginfo-3.4.5-3.53.1
- openSUSE Leap 15.3 (x86_64):
libsbc1-32bit-1.3-3.2.1
libsbc1-32bit-debuginfo-1.3-3.2.1
References
https://www.suse.com/security/cve/CVE-2020-26418.html
https://www.suse.com/security/cve/CVE-2020-26419.html
https://www.suse.com/security/cve/CVE-2020-26420.html
https://www.suse.com/security/cve/CVE-2020-26421.html
https://www.suse.com/security/cve/CVE-2020-26422.html
https://www.suse.com/security/cve/CVE-2021-22173.html
https://www.suse.com/security/cve/CVE-2021-22174.html
https://www.suse.com/security/cve/CVE-2021-22191.html
https://www.suse.com/security/cve/CVE-2021-22207.html
https://bugzilla.suse.com/1179930
https://bugzilla.suse.com/1179931
https://bugzilla.suse.com/1179932
https://bugzilla.suse.com/1179933
https://bugzilla.suse.com/1180102
https://bugzilla.suse.com/1180232
https://bugzilla.suse.com/1181598
https://bugzilla.suse.com/1181599
https://bugzilla.suse.com/1183353
https://bugzilla.suse.com/1184110
https://bugzilla.suse.com/1185128
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2021:2125-1
Rating: important
Affected Products:
openSUSE Leap 15.3
ble.
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!