Updated wireshark packages fix security vulnerabilities
Publication date: 20 Feb 2024Modification date: 20 Feb 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-5371 , CVE-2023-6174 , CVE-2023-6175 , CVE-2024-0208
Description
The updated packages fix security vulnerabilities:
RTPS dissector memory leak. (CVE-2023-5371)
SSH dissector invalid read of memory blocks. (CVE-2023-6174)
NetScreen File Parsing Heap-based Buffer Overflow. (CVE-2023-6175)
GVCP dissector crash via packet injection or crafted capture file.
(CVE-2024-0208)
References
- https://bugs.mageia.org/show_bug.cgi?id=32835
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5371
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6174
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6175
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0208
SRPMS
9/core
- wireshark-4.0.12-1.mga9