Security update for wireshark SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:3323-1 Final 1 1 2024-09-19T06:52:02Z current 2024-09-19T06:52:02Z 2024-09-19T06:52:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark fixes the following issues: - CVE-2024-8250: Fixed NTLMSSP dissector crash (bsc#1229907). - CVE-2020-26421: Fixed USB HID dissector crash (bsc#1179933). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2024-3323,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2024-3323,SUSE-2024-3323,SUSE-SLE-SDK-12-SP5-2024-3323,SUSE-SLE-SERVER-12-SP5-2024-3323 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20243323-1/ Link for SUSE-SU-2024:3323-1 https://lists.suse.com/pipermail/sle-updates/2024-September/036970.html E-Mail link for SUSE-SU-2024:3323-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1179933 SUSE Bug 1179933 https://bugzilla.suse.com/1229907 SUSE Bug 1229907 https://www.suse.com/security/cve/CVE-2020-26421/ SUSE CVE CVE-2020-26421 page https://www.suse.com/security/cve/CVE-2024-8250/ SUSE CVE CVE-2024-8250 page Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 libwireshark9-2.4.16-48.57.1 libwiretap7-2.4.16-48.57.1 libwscodecs1-2.4.16-48.57.1 libwsutil8-2.4.16-48.57.1 wireshark-2.4.16-48.57.1 wireshark-devel-2.4.16-48.57.1 wireshark-gtk-2.4.16-48.57.1 wireshark-ui-qt-2.4.16-48.57.1 libwireshark9-2.4.16-48.57.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libwiretap7-2.4.16-48.57.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libwscodecs1-2.4.16-48.57.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libwsutil8-2.4.16-48.57.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production wireshark-2.4.16-48.57.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libwireshark9-2.4.16-48.57.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libwiretap7-2.4.16-48.57.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libwscodecs1-2.4.16-48.57.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libwsutil8-2.4.16-48.57.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production wireshark-2.4.16-48.57.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libwireshark9-2.4.16-48.57.1 as a component of SUSE Linux Enterprise Server 12 SP5 libwiretap7-2.4.16-48.57.1 as a component of SUSE Linux Enterprise Server 12 SP5 libwscodecs1-2.4.16-48.57.1 as a component of SUSE Linux Enterprise Server 12 SP5 libwsutil8-2.4.16-48.57.1 as a component of SUSE Linux Enterprise Server 12 SP5 wireshark-2.4.16-48.57.1 as a component of SUSE Linux Enterprise Server 12 SP5 wireshark-gtk-2.4.16-48.57.1 as a component of SUSE Linux Enterprise Server 12 SP5 libwireshark9-2.4.16-48.57.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libwiretap7-2.4.16-48.57.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libwscodecs1-2.4.16-48.57.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libwsutil8-2.4.16-48.57.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 wireshark-2.4.16-48.57.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 wireshark-gtk-2.4.16-48.57.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 wireshark-devel-2.4.16-48.57.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. CVE-2020-26421 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libwireshark9-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libwiretap7-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libwscodecs1-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libwsutil8-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:wireshark-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libwireshark9-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libwiretap7-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libwscodecs1-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libwsutil8-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:wireshark-2.4.16-48.57.1 SUSE Linux Enterprise Server 12 SP5:libwireshark9-2.4.16-48.57.1 SUSE Linux Enterprise Server 12 SP5:libwiretap7-2.4.16-48.57.1 SUSE Linux Enterprise Server 12 SP5:libwscodecs1-2.4.16-48.57.1 SUSE Linux Enterprise Server 12 SP5:libwsutil8-2.4.16-48.57.1 SUSE Linux Enterprise Server 12 SP5:wireshark-2.4.16-48.57.1 SUSE Linux Enterprise Server 12 SP5:wireshark-gtk-2.4.16-48.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwireshark9-2.4.16-48.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwiretap7-2.4.16-48.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwscodecs1-2.4.16-48.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwsutil8-2.4.16-48.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:wireshark-2.4.16-48.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:wireshark-gtk-2.4.16-48.57.1 SUSE Linux Enterprise Software Development Kit 12 SP5:wireshark-devel-2.4.16-48.57.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243323-1/ https://www.suse.com/security/cve/CVE-2020-26421.html CVE-2020-26421 https://bugzilla.suse.com/1179933 SUSE Bug 1179933 NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file CVE-2024-8250 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libwireshark9-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libwiretap7-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libwscodecs1-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libwsutil8-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:wireshark-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libwireshark9-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libwiretap7-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libwscodecs1-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libwsutil8-2.4.16-48.57.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:wireshark-2.4.16-48.57.1 SUSE Linux Enterprise Server 12 SP5:libwireshark9-2.4.16-48.57.1 SUSE Linux Enterprise Server 12 SP5:libwiretap7-2.4.16-48.57.1 SUSE Linux Enterprise Server 12 SP5:libwscodecs1-2.4.16-48.57.1 SUSE Linux Enterprise Server 12 SP5:libwsutil8-2.4.16-48.57.1 SUSE Linux Enterprise Server 12 SP5:wireshark-2.4.16-48.57.1 SUSE Linux Enterprise Server 12 SP5:wireshark-gtk-2.4.16-48.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwireshark9-2.4.16-48.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwiretap7-2.4.16-48.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwscodecs1-2.4.16-48.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwsutil8-2.4.16-48.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:wireshark-2.4.16-48.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:wireshark-gtk-2.4.16-48.57.1 SUSE Linux Enterprise Software Development Kit 12 SP5:wireshark-devel-2.4.16-48.57.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243323-1/ https://www.suse.com/security/cve/CVE-2024-8250.html CVE-2024-8250 https://bugzilla.suse.com/1229907 SUSE Bug 1229907