openSUSE-SU-2021:0909-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0909-1.json

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2021:0909-1

Related

Published

2021-06-24T09:52:56Z

Modified

2021-06-24T09:52:56Z

Summary

Security update for wireshark, libvirt, sbc, libqt5-qtmultimedia

Details

This update for wireshark, libvirt, sbc and libqt5-qtmultimedia fixes the following issues:

Update wireshark to version 3.4.5

New and updated support and bug fixes for multiple protocols
Asynchronous DNS resolution is always enabled
Protobuf fields can be dissected as Wireshark (header) fields
UI improvements

Including security fixes for:

CVE-2021-22191: Wireshark could open unsafe URLs (bsc#1183353).
CVE-2021-22207: MS-WSP dissector excessive memory consumption (bsc#1185128)
CVE-2020-26422: QUIC dissector crash (bsc#1180232)
CVE-2020-26418: Kafka dissector memory leak (bsc#1179930)
CVE-2020-26419: Multiple dissector memory leaks (bsc#1179931)
CVE-2020-26420: RTPS dissector memory leak (bsc#1179932)
CVE-2020-26421: USB HID dissector crash (bsc#1179933)
CVE-2021-22173: Fix USB HID dissector memory leak (bsc#1181598)
CVE-2021-22174: Fix USB HID dissector crash (bsc#1181599)

libqt5-qtmultimedia and sbc are necessary dependencies. libvirt is needed to rebuild wireshark-plugin-libvirt.

References

Affected packages

openSUSE:Leap 15.2 / wireshark

Package

Name: wireshark
Purl: purl:rpm/suse/wireshark&distro=openSUSE%20Leap%2015.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.5-lp152.2.12.1

Ecosystem specific

{
    "binaries": [
        {
            "libwiretap11": "3.4.5-lp152.2.12.1",
            "libwireshark14": "3.4.5-lp152.2.12.1",
            "wireshark-devel": "3.4.5-lp152.2.12.1",
            "wireshark": "3.4.5-lp152.2.12.1",
            "libwsutil12": "3.4.5-lp152.2.12.1",
            "wireshark-ui-qt": "3.4.5-lp152.2.12.1"
        }
    ]
}