This update for wireshark fixes the following issues:
Update to Wireshark 4.4.13:
- CVE-2025-11626: MONGO dissector infinite loop (bsc#1251933).
- CVE-2025-13499: Kafka dissector crash (bsc#1254108).
- CVE-2025-13945: HTTP3 dissector crash (bsc#1254471).
- CVE-2025-13946: MEGACO dissector infinite loop (bsc#1254472).
- CVE-2025-9817: SSH dissector crash (bsc#1249090).
- CVE-2026-0959: IEEE 802.11 dissector crash (bsc#1256734).
- CVE-2026-0961: BLF file parser crash (bsc#1256738).
- CVE-2026-0962: SOME/IP-SD dissector crash (bsc#1256739).
Full changelog:
https://www.wireshark.org/docs/relnotes/wireshark-4.4.13.html
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-236=1
- openSUSE Leap 16.0:
libwireshark18-4.4.13-160000.1.1
libwiretap15-4.4.13-160000.1.1
libwsutil16-4.4.13-160000.1.1
wireshark-4.4.13-160000.1.1
wireshark-devel-4.4.13-160000.1.1
wireshark-ui-qt-4.4.13-160000.1.1
* bsc#1249090
* bsc#1251933
* bsc#1254108
* bsc#1254471
* bsc#1254472
* bsc#1256734
* bsc#1256738
* bsc#1256739
References:
* https://www.suse.com/security/cve/CVE-2025-11626.html
* https://www.suse.com/security/cve/CVE-2025-13499.html
* https://www.suse.com/security/cve/CVE-2025-13945.html
* https://www.suse.com/security/cve/CVE-2025-13946.html
* https://www.suse.com/security/cve/CVE-2025-9817.html
* https://www.suse.com/security/cve/CVE-2026-0959.html
* https://www.suse.com/security/cve/CVE-2026-0961.html
* https://www.suse.com/security/cve/CVE-2026-0962.html
Get the latest Linux and open source security news straight to your inbox.