Security update for wireshark SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:03294-1 Final 1 1 2025-09-22T14:10:47Z current 2025-09-22T14:10:47Z 2025-09-22T14:10:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark fixes the following issues: Update to version 4.2.13. Security issues fixed: - CVE-2025-9817: SSH dissector crash due to NULL pointer dereference when processing malformed packet traces (bsc#1249090). Non-security issues fixed: - Bug in UDS dissector with Service ReadDataByPeriodicIdentifier Response. - Incorrectly parsed `application/x-www-form-urlencoded` key following a name-value byte sequence with no `=`. - DNP3 time stamp not working after epoch time (year 2038). - Bug in LZ77 decoder; reads a 16-bit length when it should read a 32-bit length. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3294,SUSE-SLE-Module-Basesystem-15-SP6-2025-3294,SUSE-SLE-Module-Basesystem-15-SP7-2025-3294,SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3294,SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3294,openSUSE-SLE-15.6-2025-3294 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202503294-1/ Link for SUSE-SU-2025:03294-1 https://lists.suse.com/pipermail/sle-updates/2025-September/041794.html E-Mail link for SUSE-SU-2025:03294-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1249090 SUSE Bug 1249090 https://www.suse.com/security/cve/CVE-2025-9817/ SUSE CVE CVE-2025-9817 page SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Desktop Applications 15 SP6 SUSE Linux Enterprise Module for Desktop Applications 15 SP7 openSUSE Leap 15.6 libwireshark17-4.2.13-150600.18.26.1 libwiretap14-4.2.13-150600.18.26.1 libwsutil15-4.2.13-150600.18.26.1 wireshark-4.2.13-150600.18.26.1 wireshark-devel-4.2.13-150600.18.26.1 wireshark-ui-qt-4.2.13-150600.18.26.1 libwireshark17-4.2.13-150600.18.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libwiretap14-4.2.13-150600.18.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libwsutil15-4.2.13-150600.18.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 wireshark-4.2.13-150600.18.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libwireshark17-4.2.13-150600.18.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libwiretap14-4.2.13-150600.18.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libwsutil15-4.2.13-150600.18.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 wireshark-4.2.13-150600.18.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 wireshark-devel-4.2.13-150600.18.26.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 wireshark-ui-qt-4.2.13-150600.18.26.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 wireshark-devel-4.2.13-150600.18.26.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 wireshark-ui-qt-4.2.13-150600.18.26.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 libwireshark17-4.2.13-150600.18.26.1 as a component of openSUSE Leap 15.6 libwiretap14-4.2.13-150600.18.26.1 as a component of openSUSE Leap 15.6 libwsutil15-4.2.13-150600.18.26.1 as a component of openSUSE Leap 15.6 wireshark-4.2.13-150600.18.26.1 as a component of openSUSE Leap 15.6 wireshark-devel-4.2.13-150600.18.26.1 as a component of openSUSE Leap 15.6 wireshark-ui-qt-4.2.13-150600.18.26.1 as a component of openSUSE Leap 15.6 SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service CVE-2025-9817 SUSE Linux Enterprise Module for Basesystem 15 SP6:libwireshark17-4.2.13-150600.18.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libwiretap14-4.2.13-150600.18.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libwsutil15-4.2.13-150600.18.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:wireshark-4.2.13-150600.18.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libwireshark17-4.2.13-150600.18.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libwiretap14-4.2.13-150600.18.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libwsutil15-4.2.13-150600.18.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:wireshark-4.2.13-150600.18.26.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:wireshark-devel-4.2.13-150600.18.26.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:wireshark-ui-qt-4.2.13-150600.18.26.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:wireshark-devel-4.2.13-150600.18.26.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:wireshark-ui-qt-4.2.13-150600.18.26.1 openSUSE Leap 15.6:libwireshark17-4.2.13-150600.18.26.1 openSUSE Leap 15.6:libwiretap14-4.2.13-150600.18.26.1 openSUSE Leap 15.6:libwsutil15-4.2.13-150600.18.26.1 openSUSE Leap 15.6:wireshark-4.2.13-150600.18.26.1 openSUSE Leap 15.6:wireshark-devel-4.2.13-150600.18.26.1 openSUSE Leap 15.6:wireshark-ui-qt-4.2.13-150600.18.26.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503294-1/ https://www.suse.com/security/cve/CVE-2025-9817.html CVE-2025-9817 https://bugzilla.suse.com/1249090 SUSE Bug 1249090