Overview

File _patchinfo of Package patchinfo.35061

<patchinfo incident="35061">
  <issue tracker="bnc" id="1222030">VUL-0: CVE-2024-2955: wireshark: T.38 dissector crash</issue>
  <issue tracker="bnc" id="1218503">VUL-0: CVE-2024-0207: wireshark: HTTP3 dissector crash</issue>
  <issue tracker="bnc" id="1218506">VUL-0: CVE-2024-0210: wireshark: Zigbee TLV dissector crash</issue>
  <issue tracker="bnc" id="1218507">VUL-0: CVE-2024-0211: wireshark: DOCSIS dissector crash</issue>
  <issue tracker="bnc" id="1217247">VUL-0: CVE-2023-6174: wireshark: SSH dissector crash via packet injection or crafted capture file</issue>
  <issue tracker="bnc" id="1217272">VUL-0: CVE-2023-6175: wireshark: NetScreen file parser crash</issue>
  <issue tracker="bnc" id="1215959">VUL-0: CVE-2023-5371: wireshark: RTPS dissector memory leak (wnpa-sec-2023-27)</issue>
  <issue tracker="bnc" id="1213318">VUL-0: CVE-2023-3649: wireshark: iSCSI dissector crash</issue>
  <issue tracker="bnc" id="1211708">VUL-0: CVE-2023-2854: wireshark: BLF file parser crash</issue>
  <issue tracker="bnc" id="1211709">VUL-0: CVE-2023-0666: wireshark: RTPS dissector crash</issue>
  <issue tracker="bnc" id="1207666">VUL-0: CVE-2023-0414: wireshark: crash in the EAP dissector</issue>
  <issue tracker="cve" id="2024-2955"/>
  <issue tracker="cve" id="2024-0207"/>
  <issue tracker="cve" id="2024-0210"/>
  <issue tracker="cve" id="2024-0211"/>
  <issue tracker="cve" id="2023-6174"/>
  <issue tracker="cve" id="2023-6175"/>
  <issue tracker="cve" id="2023-5371"/>
  <issue tracker="cve" id="2023-3649"/>
  <issue tracker="cve" id="2023-2854"/>
  <issue tracker="cve" id="2023-0666"/>
  <issue tracker="cve" id="2023-0414"/>
  <issue tracker="jsc" id="PED-8517"/>
  <packager>rfrohl</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for wireshark</summary>
  <description>This update for wireshark fixes the following issues:

wireshark was updated from version 3.6.23 to version 4.2.6 (jsc#PED-8517):

- Security issues fixed with this update:

  * CVE-2024-0207: HTTP3 dissector crash (bsc#1218503)
  * CVE-2024-0210: Zigbee TLV dissector crash (bsc#1218506)
  * CVE-2024-0211: DOCSIS dissector crash (bsc#1218507)
  * CVE-2023-6174: Fixed SSH dissector crash (bsc#1217247)
  * CVE-2023-6175: NetScreen file parser crash (bsc#1217272)
  * CVE-2023-5371: RTPS dissector memory leak (bsc#1215959)
  * CVE-2023-3649: iSCSI dissector crash (bsc#1213318)
  * CVE-2023-2854: BLF file parser crash (bsc#1211708)
  * CVE-2023-0666: RTPS dissector crash (bsc#1211709)
  * CVE-2023-0414: EAP dissector crash (bsc#1207666)

- Major changes introduced with versions 4.2.0 and 4.0.0:

  * Version 4.2.0 https://www.wireshark.org/docs/relnotes/wireshark-4.2.0.html
  * Version 4.0.0 https://www.wireshark.org/docs/relnotes/wireshark-4.0.0.html

- Added an aditional desktopfile to start wireshark which asks for
  the super user password.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places