Overview

File _patchinfo of Package patchinfo.17937

<patchinfo incident="17937">
  <issue tracker="cve" id="2021-22174"/>
  <issue tracker="cve" id="2020-26421"/>
  <issue tracker="cve" id="2021-22173"/>
  <issue tracker="cve" id="2021-22207"/>
  <issue tracker="cve" id="2020-26422"/>
  <issue tracker="cve" id="2020-26419"/>
  <issue tracker="cve" id="2020-26418"/>
  <issue tracker="cve" id="2021-22191"/>
  <issue tracker="cve" id="2020-26420"/>
  <issue tracker="bnc" id="1181598">VUL-1: CVE-2021-22173: wireshark: USB HID dissector memory leak (wnpa-sec-2021-01)</issue>
  <issue tracker="bnc" id="1180102">wireshark: provide helpful error message if user doesn't have permissions to run dumpcap</issue>
  <issue tracker="bnc" id="1185128">VUL-1: CVE-2021-22207: wireshark: MS-WSP dissector excessive memory consumption</issue>
  <issue tracker="bnc" id="1184110">CMake 3.20 breaks wireshark package</issue>
  <issue tracker="bnc" id="1179930">VUL-1: CVE-2020-26418: wireshark: Kafka dissector memory leak (wnpa-sec-2020-16)</issue>
  <issue tracker="bnc" id="1180232">VUL-0: CVE-2020-26422: wireshark: QUIC dissector crash (wnpa-sec-2020-20)</issue>
  <issue tracker="bnc" id="1183353">VUL-0: CVE-2021-22191: wireshark: Wireshark could open unsafe URLs (wnpa-sec-2021-03)</issue>
  <issue tracker="bnc" id="1179932">VUL-1: CVE-2020-26420: wireshark: RTPS dissector memory leak (wnpa-sec-2020-18)</issue>
  <issue tracker="bnc" id="1179931">VUL-0: CVE-2020-26419: wireshark: Multiple dissector memory leaks fixed in 3.4.1 (wnpa-sec-2020-19)</issue>
  <issue tracker="bnc" id="1181599">VUL-1: CVE-2021-22174: wireshark: USB HID dissector crash (wnpa-sec-2021-02)</issue>
  <issue tracker="bnc" id="1179933">VUL-1: CVE-2020-26421: wireshark: USB HID dissector crash</issue>
  <packager>rfrohl</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for wireshark</summary>
  <description>This update for wireshark, libvirt, sbc and libqt5-qtmultimedia fixes the following issues:

Update wireshark to version 3.4.5

- New and updated support and bug fixes for multiple protocols
- Asynchronous DNS resolution is always enabled
- Protobuf fields can be dissected as Wireshark (header) fields
- UI improvements

Including security fixes for:

- CVE-2021-22191: Wireshark could open unsafe URLs (bsc#1183353).
- CVE-2021-22207: MS-WSP dissector excessive memory consumption (bsc#1185128)
- CVE-2020-26422: QUIC dissector crash (bsc#1180232)
- CVE-2020-26418: Kafka dissector memory leak (bsc#1179930)
- CVE-2020-26419: Multiple dissector memory leaks (bsc#1179931)
- CVE-2020-26420: RTPS dissector memory leak (bsc#1179932) 
- CVE-2020-26421: USB HID dissector crash (bsc#1179933)
- CVE-2021-22173: Fix USB HID dissector memory leak (bsc#1181598)
- CVE-2021-22174: Fix USB HID dissector crash (bsc#1181599)

libqt5-qtmultimedia and sbc are necessary dependencies. libvirt is needed to rebuild wireshark-plugin-libvirt.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places