Security update for wireshark SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4413-1 Final 1 1 2025-12-16T11:40:05Z current 2025-12-16T11:40:05Z 2025-12-16T11:40:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wireshark This update for wireshark fixes the following issues: - CVE-2025-13499: Fixed Kafka dissector crash due to a malformed packet (bsc#1254108). - CVE-2025-13946: Fixed MEGACO dissector infinite loop that allows a denial of service (bsc#1254472). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4413,SUSE-SLE-Module-Basesystem-15-SP7-2025-4413 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254413-1/ Link for SUSE-SU-2025:4413-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023560.html E-Mail link for SUSE-SU-2025:4413-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1254108 SUSE Bug 1254108 https://bugzilla.suse.com/1254472 SUSE Bug 1254472 https://www.suse.com/security/cve/CVE-2025-13499/ SUSE CVE CVE-2025-13499 page https://www.suse.com/security/cve/CVE-2025-13946/ SUSE CVE CVE-2025-13946 page SUSE Linux Enterprise Module for Basesystem 15 SP7 libwireshark15-3.6.24-150000.3.127.1 libwiretap12-3.6.24-150000.3.127.1 libwsutil13-3.6.24-150000.3.127.1 wireshark-3.6.24-150000.3.127.1 wireshark-devel-3.6.24-150000.3.127.1 wireshark-ui-qt-3.6.24-150000.3.127.1 Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service CVE-2025-13499 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254413-1/ https://www.suse.com/security/cve/CVE-2025-13499.html CVE-2025-13499 https://bugzilla.suse.com/1254108 SUSE Bug 1254108 MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service CVE-2025-13946 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254413-1/ https://www.suse.com/security/cve/CVE-2025-13946.html CVE-2025-13946 https://bugzilla.suse.com/1254472 SUSE Bug 1254472