Security update for wireshark SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:2265-1 Final 1 1 2024-07-02T08:14:42Z current 2024-07-02T08:14:42Z 2024-07-02T08:14:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark fixes the following issues: Update to version 3.6.22: - CVE-2024-4854: MONGO and ZigBee TLV dissector infinite loops (bsc#1224274) - CVE-2024-4853: The editcap command line utility could crash when chopping bytes from the beginning of a packet (bsc#1224259) - CVE-2024-4855: The editcap command line utility could crash when injecting secrets while writing multiple files (bsc#1224276) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP6-SAP-Azure-LI-BYOS-2024-2265,Image SLES15-SP6-SAP-Azure-LI-BYOS-Production-2024-2265,Image SLES15-SP6-SAP-Azure-VLI-BYOS-2024-2265,Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production-2024-2265,SUSE-2024-2265,SUSE-SLE-Module-Basesystem-15-SP6-2024-2265,SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-2265,openSUSE-SLE-15.6-2024-2265 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20242265-1/ Link for SUSE-SU-2024:2265-1 https://lists.suse.com/pipermail/sle-updates/2024-July/035789.html E-Mail link for SUSE-SU-2024:2265-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1224259 SUSE Bug 1224259 https://bugzilla.suse.com/1224274 SUSE Bug 1224274 https://bugzilla.suse.com/1224276 SUSE Bug 1224276 https://www.suse.com/security/cve/CVE-2024-4853/ SUSE CVE CVE-2024-4853 page https://www.suse.com/security/cve/CVE-2024-4854/ SUSE CVE CVE-2024-4854 page https://www.suse.com/security/cve/CVE-2024-4855/ SUSE CVE CVE-2024-4855 page Image SLES15-SP6-SAP-Azure-LI-BYOS Image SLES15-SP6-SAP-Azure-LI-BYOS-Production Image SLES15-SP6-SAP-Azure-VLI-BYOS Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Desktop Applications 15 SP6 openSUSE Leap 15.6 wireshark-3.6.23-150600.18.3.1 libwireshark15-3.6.23-150600.18.3.1 libwiretap12-3.6.23-150600.18.3.1 libwsutil13-3.6.23-150600.18.3.1 wireshark-devel-3.6.23-150600.18.3.1 wireshark-ui-qt-3.6.23-150600.18.3.1 wireshark-3.6.23-150600.18.3.1 as a component of Image SLES15-SP6-SAP-Azure-LI-BYOS wireshark-3.6.23-150600.18.3.1 as a component of Image SLES15-SP6-SAP-Azure-LI-BYOS-Production wireshark-3.6.23-150600.18.3.1 as a component of Image SLES15-SP6-SAP-Azure-VLI-BYOS wireshark-3.6.23-150600.18.3.1 as a component of Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production libwireshark15-3.6.23-150600.18.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libwiretap12-3.6.23-150600.18.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libwsutil13-3.6.23-150600.18.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 wireshark-3.6.23-150600.18.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 wireshark-devel-3.6.23-150600.18.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 wireshark-ui-qt-3.6.23-150600.18.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 libwireshark15-3.6.23-150600.18.3.1 as a component of openSUSE Leap 15.6 libwiretap12-3.6.23-150600.18.3.1 as a component of openSUSE Leap 15.6 libwsutil13-3.6.23-150600.18.3.1 as a component of openSUSE Leap 15.6 wireshark-3.6.23-150600.18.3.1 as a component of openSUSE Leap 15.6 wireshark-devel-3.6.23-150600.18.3.1 as a component of openSUSE Leap 15.6 wireshark-ui-qt-3.6.23-150600.18.3.1 as a component of openSUSE Leap 15.6 Memory handling issue in editcap could cause denial of service via crafted capture file CVE-2024-4853 Image SLES15-SP6-SAP-Azure-LI-BYOS-Production:wireshark-3.6.23-150600.18.3.1 Image SLES15-SP6-SAP-Azure-LI-BYOS:wireshark-3.6.23-150600.18.3.1 Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production:wireshark-3.6.23-150600.18.3.1 Image SLES15-SP6-SAP-Azure-VLI-BYOS:wireshark-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libwireshark15-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libwiretap12-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libwsutil13-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:wireshark-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:wireshark-devel-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:wireshark-ui-qt-3.6.23-150600.18.3.1 openSUSE Leap 15.6:libwireshark15-3.6.23-150600.18.3.1 openSUSE Leap 15.6:libwiretap12-3.6.23-150600.18.3.1 openSUSE Leap 15.6:libwsutil13-3.6.23-150600.18.3.1 openSUSE Leap 15.6:wireshark-3.6.23-150600.18.3.1 openSUSE Leap 15.6:wireshark-devel-3.6.23-150600.18.3.1 openSUSE Leap 15.6:wireshark-ui-qt-3.6.23-150600.18.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242265-1/ https://www.suse.com/security/cve/CVE-2024-4853.html CVE-2024-4853 https://bugzilla.suse.com/1224259 SUSE Bug 1224259 MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file CVE-2024-4854 Image SLES15-SP6-SAP-Azure-LI-BYOS-Production:wireshark-3.6.23-150600.18.3.1 Image SLES15-SP6-SAP-Azure-LI-BYOS:wireshark-3.6.23-150600.18.3.1 Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production:wireshark-3.6.23-150600.18.3.1 Image SLES15-SP6-SAP-Azure-VLI-BYOS:wireshark-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libwireshark15-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libwiretap12-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libwsutil13-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:wireshark-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:wireshark-devel-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:wireshark-ui-qt-3.6.23-150600.18.3.1 openSUSE Leap 15.6:libwireshark15-3.6.23-150600.18.3.1 openSUSE Leap 15.6:libwiretap12-3.6.23-150600.18.3.1 openSUSE Leap 15.6:libwsutil13-3.6.23-150600.18.3.1 openSUSE Leap 15.6:wireshark-3.6.23-150600.18.3.1 openSUSE Leap 15.6:wireshark-devel-3.6.23-150600.18.3.1 openSUSE Leap 15.6:wireshark-ui-qt-3.6.23-150600.18.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242265-1/ https://www.suse.com/security/cve/CVE-2024-4854.html CVE-2024-4854 https://bugzilla.suse.com/1224274 SUSE Bug 1224274 Use after free issue in editcap could cause denial of service via crafted capture file CVE-2024-4855 Image SLES15-SP6-SAP-Azure-LI-BYOS-Production:wireshark-3.6.23-150600.18.3.1 Image SLES15-SP6-SAP-Azure-LI-BYOS:wireshark-3.6.23-150600.18.3.1 Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production:wireshark-3.6.23-150600.18.3.1 Image SLES15-SP6-SAP-Azure-VLI-BYOS:wireshark-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libwireshark15-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libwiretap12-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libwsutil13-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:wireshark-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:wireshark-devel-3.6.23-150600.18.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:wireshark-ui-qt-3.6.23-150600.18.3.1 openSUSE Leap 15.6:libwireshark15-3.6.23-150600.18.3.1 openSUSE Leap 15.6:libwiretap12-3.6.23-150600.18.3.1 openSUSE Leap 15.6:libwsutil13-3.6.23-150600.18.3.1 openSUSE Leap 15.6:wireshark-3.6.23-150600.18.3.1 openSUSE Leap 15.6:wireshark-devel-3.6.23-150600.18.3.1 openSUSE Leap 15.6:wireshark-ui-qt-3.6.23-150600.18.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242265-1/ https://www.suse.com/security/cve/CVE-2024-4855.html CVE-2024-4855 https://bugzilla.suse.com/1224276 SUSE Bug 1224276