openSUSE-SU-2021:2125-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:2125-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2021:2125-1
Related
Published
2021-07-10T08:56:57Z
Modified
2021-07-10T08:56:57Z
Summary
Security update for wireshark
Details

This update for wireshark, libvirt, sbc and libqt5-qtmultimedia fixes the following issues:

Update wireshark to version 3.4.5

  • New and updated support and bug fixes for multiple protocols
  • Asynchronous DNS resolution is always enabled
  • Protobuf fields can be dissected as Wireshark (header) fields
  • UI improvements

Including security fixes for:

  • CVE-2021-22191: Wireshark could open unsafe URLs (bsc#1183353).
  • CVE-2021-22207: MS-WSP dissector excessive memory consumption (bsc#1185128)
  • CVE-2020-26422: QUIC dissector crash (bsc#1180232)
  • CVE-2020-26418: Kafka dissector memory leak (bsc#1179930)
  • CVE-2020-26419: Multiple dissector memory leaks (bsc#1179931)
  • CVE-2020-26420: RTPS dissector memory leak (bsc#1179932)
  • CVE-2020-26421: USB HID dissector crash (bsc#1179933)
  • CVE-2021-22173: Fix USB HID dissector memory leak (bsc#1181598)
  • CVE-2021-22174: Fix USB HID dissector crash (bsc#1181599)

libqt5-qtmultimedia and sbc are necessary dependencies. libvirt is needed to rebuild wireshark-plugin-libvirt.

References

Affected packages

openSUSE:Leap 15.3 / sbc

Package

Name
sbc
Purl
pkg:rpm/opensuse/sbc&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3-3.2.1

Ecosystem specific

{
    "binaries": [
        {
            "libsbc1-32bit": "1.3-3.2.1",
            "libsbc1": "1.3-3.2.1",
            "wireshark": "3.4.5-3.53.1",
            "wireshark-ui-qt": "3.4.5-3.53.1",
            "libwireshark14": "3.4.5-3.53.1",
            "sbc-devel": "1.3-3.2.1",
            "wireshark-devel": "3.4.5-3.53.1",
            "sbc": "1.3-3.2.1",
            "libwsutil12": "3.4.5-3.53.1",
            "libwiretap11": "3.4.5-3.53.1"
        }
    ]
}

openSUSE:Leap 15.3 / wireshark

Package

Name
wireshark
Purl
pkg:rpm/opensuse/wireshark&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.5-3.53.1

Ecosystem specific

{
    "binaries": [
        {
            "libsbc1-32bit": "1.3-3.2.1",
            "libsbc1": "1.3-3.2.1",
            "wireshark": "3.4.5-3.53.1",
            "wireshark-ui-qt": "3.4.5-3.53.1",
            "libwireshark14": "3.4.5-3.53.1",
            "sbc-devel": "1.3-3.2.1",
            "wireshark-devel": "3.4.5-3.53.1",
            "sbc": "1.3-3.2.1",
            "libwsutil12": "3.4.5-3.53.1",
            "libwiretap11": "3.4.5-3.53.1"
        }
    ]
}