Security fix for CVE-2020-26418, CVE-2020-26419, CVE-2020-26420, CVE-2020-26421. Update to version 3.4.2. Fix %post script on Silverblue.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-138674557c
2021-02-07 01:38:28.260573
--------------------------------------------------------------------------------

Name        : wireshark
Product     : Fedora 32
Version     : 3.4.2
Release     : 1.fc32
URL         : https://www.wireshark.org/
Summary     : Network traffic analyzer
Description :
Wireshark allows you to examine protocol data stored in files or as it is
captured from wired or wireless (WiFi or Bluetooth) networks, USB devices,
and many other sources. It supports dozens of protocol capture file formats
and understands more than a thousand protocols.

It has many powerful features including a rich display filter language
and the ability to reassemble multiple protocol packets in order to, for
example, view a complete TCP stream, save the contents of a file which was
transferred over HTTP or CIFS, or play back an RTP audio stream.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2020-26418, CVE-2020-26419, CVE-2020-26420, CVE-2020-26421
Update to version 3.4.2
Fix %post script on Silverblue
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 29 2021 Michal Ruprich - 1:3.4.2-1
- New version 3.4.2
- Fix for CVE-2020-26418, CVE-2020-26419, CVE-2020-26420, CVE-2020-26421
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1919912 - CVE-2020-26418 wireshark: Kafka dissector memory leak (wnpa-sec-2020-16)
        https://bugzilla.redhat.com/show_bug.cgi?id=1919912
  [ 2 ] Bug #1919917 - CVE-2020-26419 wireshark: multiple dissector memory leaks (wnpa-sec-2020-19)
        https://bugzilla.redhat.com/show_bug.cgi?id=1919917
  [ 3 ] Bug #1919919 - CVE-2020-26420 wireshark: RTPS dissector memory leak (wnpa-sec-2020-18)
        https://bugzilla.redhat.com/show_bug.cgi?id=1919919
  [ 4 ] Bug #1919923 - CVE-2020-26421 wireshark: USB HID dissector crash (wnpa-sec-2020-17)
        https://bugzilla.redhat.com/show_bug.cgi?id=1919923
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-138674557c' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --

New version 3.4.0. Security fix for CVE-2020-26575, CVE-2020-28030.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-4cff262f07
2020-12-13 02:07:36.430402
--------------------------------------------------------------------------------

Name        : wireshark
Product     : Fedora 33
Version     : 3.4.0
Release     : 1.fc33
URL         : https://www.wireshark.org/
Summary     : Network traffic analyzer
Description :
Wireshark allows you to examine protocol data stored in files or as it is
captured from wired or wireless (WiFi or Bluetooth) networks, USB devices,
and many other sources. It supports dozens of protocol capture file formats
and understands more than a thousand protocols.

It has many powerful features including a rich display filter language
and the ability to reassemble multiple protocol packets in order to, for
example, view a complete TCP stream, save the contents of a file which was
transferred over HTTP or CIFS, or play back an RTP audio stream.

--------------------------------------------------------------------------------
Update Information:

New version 3.4.0. Security fix for CVE-2020-26575, CVE-2020-28030.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 3 2020 Michal Ruprich - 1:3.4.0-1
- New version 3.4.0
- Fix for CVE-2020-26575, CVE-2020-28030
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1886047 - CVE-2020-26575 wireshark: FBZERO dissector could enter an infinite loop
        https://bugzilla.redhat.com/show_bug.cgi?id=1886047
  [ 2 ] Bug #1893110 - CVE-2020-28030 wireshark: malformed packet on wire could make GQUIC protocol dissector loop
        https://bugzilla.redhat.com/show_bug.cgi?id=1893110
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-4cff262f07' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --

Ethereal is vulnerable to numerous vulnerabilities, potentially resulting in the execution of arbitrary code or abnormal termination.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200510-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Ethereal: Multiple vulnerabilities in protocol dissectors
      Date: October 30, 2005
      Bugs: #109348
        ID: 200510-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Ethereal is vulnerable to numerous vulnerabilities, potentially
resulting in the execution of arbitrary code or abnormal termination.

Background
==========

Ethereal is a feature-rich network protocol analyzer.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/ethereal     < 0.10.13-r1              >= 0.10.13-r1

Description
===========

There are numerous vulnerabilities in versions of Ethereal prior to
0.10.13, including:

* The SLIM3 and AgentX dissectors could overflow a buffer
  (CVE-2005-3243).

* iDEFENSE discovered a buffer overflow in the SRVLOC dissector
  (CVE-2005-3184).

* Multiple potential crashes in many dissectors have been fixed, see
  References for further details.

Furthermore an infinite loop was discovered in the IRC protocol
dissector of the 0.10.13 release (CVE-2005-3313).

Impact
======

An attacker might be able to use these vulnerabilities to crash
Ethereal or execute arbitrary code with the permissions of the user
running Ethereal, which could be the root user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Ethereal users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.13-r1"

References
==========

  [ 1 ] CVE-2005-3184
        https://www.cve.org/CVERecord?id=CVE-2005-3184
  [ 2 ] CVE-2005-3241
        https://www.cve.org/CVERecord?id=CVE-2005-3241
  [ 3 ] CVE-2005-3242
        https://www.cve.org/CVERecord?id=CVE-2005-3242
  [ 4 ] CVE-2005-3243
        https://www.cve.org/CVERecord?id=CVE-2005-3243
  [ 5 ] CVE-2005-3244
        https://www.cve.org/CVERecord?id=CVE-2005-3244
  [ 6 ] CVE-2005-3245
        https://www.cve.org/CVERecord?id=CVE-2005-3245
  [ 7 ] CVE-2005-3246
        https://www.cve.org/CVERecord?id=CVE-2005-3246
  [ 8 ] CVE-2005-3247
        https://www.cve.org/CVERecord?id=CVE-2005-3247
  [ 9 ] CVE-2005-3248
        https://www.cve.org/CVERecord?id=CVE-2005-3248
  [ 10 ] CVE-2005-3249
         https://www.cve.org/CVERecord?id=CVE-2005-3249
  [ 11 ] CVE-2005-3313
         https://www.cve.org/CVERecord?id=CVE-2005-3313
  [ 12 ] Ethereal enpa-sa-00021

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200510-25

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to