An update for wireshark is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1610
Final
1.0
1.0
2022-04-12
Initial
2022-04-12
2022-04-12
openEuler SA Tool V1.0
2022-04-12
wireshark security update
An update for wireshark is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols.
Security Fix(es):
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file. (CVE-2021-22207)
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file. (CVE-2021-22191)
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. (CVE-2021-4181)
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. (CVE-2021-4185)
An update for wireshark is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
wireshark
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1610
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-22207
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-22191
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4181
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4185
https://nvd.nist.gov/vuln/detail/CVE-2021-22207
https://nvd.nist.gov/vuln/detail/CVE-2021-22191
https://nvd.nist.gov/vuln/detail/CVE-2021-4181
https://nvd.nist.gov/vuln/detail/CVE-2021-4185
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
wireshark-devel-2.6.2-21.oe1.aarch64.rpm
wireshark-debugsource-2.6.2-21.oe1.aarch64.rpm
wireshark-debuginfo-2.6.2-21.oe1.aarch64.rpm
wireshark-help-2.6.2-21.oe1.aarch64.rpm
wireshark-2.6.2-21.oe1.aarch64.rpm
wireshark-devel-2.6.2-21.oe1.aarch64.rpm
wireshark-debugsource-2.6.2-21.oe1.aarch64.rpm
wireshark-debuginfo-2.6.2-21.oe1.aarch64.rpm
wireshark-help-2.6.2-21.oe1.aarch64.rpm
wireshark-2.6.2-21.oe1.aarch64.rpm
wireshark-devel-2.6.2-21.oe1.aarch64.rpm
wireshark-debugsource-2.6.2-21.oe1.aarch64.rpm
wireshark-debuginfo-2.6.2-21.oe1.aarch64.rpm
wireshark-help-2.6.2-21.oe1.aarch64.rpm
wireshark-2.6.2-21.oe1.aarch64.rpm
wireshark-2.6.2-21.oe1.src.rpm
wireshark-2.6.2-21.oe1.src.rpm
wireshark-2.6.2-21.oe1.src.rpm
wireshark-debuginfo-2.6.2-21.oe1.x86_64.rpm
wireshark-2.6.2-21.oe1.x86_64.rpm
wireshark-help-2.6.2-21.oe1.x86_64.rpm
wireshark-devel-2.6.2-21.oe1.x86_64.rpm
wireshark-debugsource-2.6.2-21.oe1.x86_64.rpm
wireshark-debuginfo-2.6.2-21.oe1.x86_64.rpm
wireshark-2.6.2-21.oe1.x86_64.rpm
wireshark-help-2.6.2-21.oe1.x86_64.rpm
wireshark-devel-2.6.2-21.oe1.x86_64.rpm
wireshark-debugsource-2.6.2-21.oe1.x86_64.rpm
wireshark-debuginfo-2.6.2-21.oe1.x86_64.rpm
wireshark-2.6.2-21.oe1.x86_64.rpm
wireshark-help-2.6.2-21.oe1.x86_64.rpm
wireshark-devel-2.6.2-21.oe1.x86_64.rpm
wireshark-debugsource-2.6.2-21.oe1.x86_64.rpm
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
2022-04-12
CVE-2021-22207
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
wireshark security update
2022-04-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1610
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file.
2022-04-12
CVE-2021-22191
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
High
8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
wireshark security update
2022-04-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1610
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
2022-04-12
CVE-2021-4181
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
High
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
wireshark security update
2022-04-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1610
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
2022-04-12
CVE-2021-4185
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
High
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
wireshark security update
2022-04-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1610