An update for wireshark is now available for openEuler-22.03-LTS

Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
ID: openEuler-SA-2022-2078
Status: Final
Version: 1.0
Revision history: 1.0, 2022-11-11, Initial
Initial release date: 2022-11-11
Current release date: 2022-11-11
Generator: openEuler SA Tool V1.0, 2022-11-11

Synopsis: wireshark security update

Summary: An update for wireshark is now available for openEuler-22.03-LTS.

Description: Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols.

Security Fix(es):

Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file (CVE-2022-0583)

Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file (CVE-2022-0585)

Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file (CVE-2022-0581)

Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file (CVE-2022-0586)

Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file (CVE-2022-0582)

Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file (CVE-2022-3725)

Topic: An update for wireshark is now available for openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Severity: Critical
Affected component: wireshark

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2078
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-0583
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-0585
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-0581
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-0586
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-0582
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3725
https://nvd.nist.gov/vuln/detail/CVE-2022-0583
https://nvd.nist.gov/vuln/detail/CVE-2022-0585
https://nvd.nist.gov/vuln/detail/CVE-2022-0581
https://nvd.nist.gov/vuln/detail/CVE-2022-0586
https://nvd.nist.gov/vuln/detail/CVE-2022-0582
https://nvd.nist.gov/vuln/detail/CVE-2022-3725

openEuler-22.03-LTS
wireshark-debuginfo-3.6.2-3.oe2203.aarch64.rpm
wireshark-help-3.6.2-3.oe2203.aarch64.rpm
wireshark-3.6.2-3.oe2203.aarch64.rpm
wireshark-debugsource-3.6.2-3.oe2203.aarch64.rpm
wireshark-devel-3.6.2-3.oe2203.aarch64.rpm
wireshark-3.6.2-3.oe2203.src.rpm
wireshark-debuginfo-3.6.2-3.oe2203.x86_64.rpm
wireshark-debugsource-3.6.2-3.oe2203.x86_64.rpm
wireshark-3.6.2-3.oe2203.x86_64.rpm
wireshark-devel-3.6.2-3.oe2203.x86_64.rpm
wireshark-help-3.6.2-3.oe2203.x86_64.rpm

CVE-2022-0583
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
Release date: 2022-11-11
Product: openEuler-22.03-LTS
Severity: High
CVSS base score: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Remediation: wireshark security update, 2022-11-11
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2078

CVE-2022-0585
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
Release date: 2022-11-11
Product: openEuler-22.03-LTS
Severity: Medium
CVSS base score: 6.5
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Remediation: wireshark security update, 2022-11-11
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2078

CVE-2022-0581
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
Release date: 2022-11-11
Product: openEuler-22.03-LTS
Severity: High
CVSS base score: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Remediation: wireshark security update, 2022-11-11
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2078

CVE-2022-0586
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
Release date: 2022-11-11
Product: openEuler-22.03-LTS
Severity: High
CVSS base score: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Remediation: wireshark security update, 2022-11-11
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2078

CVE-2022-0582
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
Release date: 2022-11-11
Product: openEuler-22.03-LTS
Severity: Critical
CVSS base score: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Remediation: wireshark security update, 2022-11-11
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2078

CVE-2022-3725
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file
Release date: 2022-11-11
Product: openEuler-22.03-LTS
Severity: High
CVSS base score: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Remediation: wireshark security update, 2022-11-11
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2078