openSUSE-SU-2021:2125-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:2125-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2021:2125-1
- Upstream
- Related
- Published
- 2021-07-10T08:56:57Z
- Modified
- 2025-05-07T18:11:57.699030Z
- Summary
- Security update for wireshark
- Details
-
This update for wireshark, libvirt, sbc and libqt5-qtmultimedia fixes the following issues:
Update wireshark to version 3.4.5
- New and updated support and bug fixes for multiple protocols
- Asynchronous DNS resolution is always enabled
- Protobuf fields can be dissected as Wireshark (header) fields
- UI improvements
Including security fixes for:
- CVE-2021-22191: Wireshark could open unsafe URLs (bsc#1183353).
- CVE-2021-22207: MS-WSP dissector excessive memory consumption (bsc#1185128)
- CVE-2020-26422: QUIC dissector crash (bsc#1180232)
- CVE-2020-26418: Kafka dissector memory leak (bsc#1179930)
- CVE-2020-26419: Multiple dissector memory leaks (bsc#1179931)
- CVE-2020-26420: RTPS dissector memory leak (bsc#1179932)
- CVE-2020-26421: USB HID dissector crash (bsc#1179933)
- CVE-2021-22173: Fix USB HID dissector memory leak (bsc#1181598)
- CVE-2021-22174: Fix USB HID dissector crash (bsc#1181599)
libqt5-qtmultimedia and sbc are necessary dependencies. libvirt is needed to rebuild wireshark-plugin-libvirt.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EZGXWOFRVD3EFRZ6YDAJZEVPBP7IUHFI/
- https://bugzilla.suse.com/1179930
- https://bugzilla.suse.com/1179931
- https://bugzilla.suse.com/1179932
- https://bugzilla.suse.com/1179933
- https://bugzilla.suse.com/1180102
- https://bugzilla.suse.com/1180232
- https://bugzilla.suse.com/1181598
- https://bugzilla.suse.com/1181599
- https://bugzilla.suse.com/1183353
- https://bugzilla.suse.com/1184110
- https://bugzilla.suse.com/1185128
- https://www.suse.com/security/cve/CVE-2020-26418
- https://www.suse.com/security/cve/CVE-2020-26419
- https://www.suse.com/security/cve/CVE-2020-26420
- https://www.suse.com/security/cve/CVE-2020-26421
- https://www.suse.com/security/cve/CVE-2020-26422
- https://www.suse.com/security/cve/CVE-2021-22173
- https://www.suse.com/security/cve/CVE-2021-22174
- https://www.suse.com/security/cve/CVE-2021-22191
- https://www.suse.com/security/cve/CVE-2021-22207
Affected packages
openSUSE:Leap 15.3 / sbc
Package
- Name
- sbc
- Purl
- pkg:rpm/opensuse/sbc&distro=openSUSE%20Leap%2015.3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3-3.2.1
Ecosystem specific
{
"binaries": [
{
"libwsutil12": "3.4.5-3.53.1",
"wireshark-devel": "3.4.5-3.53.1",
"sbc-devel": "1.3-3.2.1",
"wireshark-ui-qt": "3.4.5-3.53.1",
"sbc": "1.3-3.2.1",
"libwireshark14": "3.4.5-3.53.1",
"libsbc1-32bit": "1.3-3.2.1",
"libwiretap11": "3.4.5-3.53.1",
"libsbc1": "1.3-3.2.1",
"wireshark": "3.4.5-3.53.1"
}
]
}
openSUSE:Leap 15.3 / wireshark
Package
- Name
- wireshark
- Purl
- pkg:rpm/opensuse/wireshark&distro=openSUSE%20Leap%2015.3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.4.5-3.53.1
Ecosystem specific
{
"binaries": [
{
"libwsutil12": "3.4.5-3.53.1",
"wireshark-devel": "3.4.5-3.53.1",
"sbc-devel": "1.3-3.2.1",
"wireshark-ui-qt": "3.4.5-3.53.1",
"sbc": "1.3-3.2.1",
"libwireshark14": "3.4.5-3.53.1",
"libsbc1-32bit": "1.3-3.2.1",
"libwiretap11": "3.4.5-3.53.1",
"libsbc1": "1.3-3.2.1",
"wireshark": "3.4.5-3.53.1"
}
]
}