Advisories » MGASA-2023-0275

Updated wireshark packages fix security vulnerabilities

Publication date: 30 Sep 2023
Modification date: 30 Sep 2023
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-2906, CVE-2023-4511, CVE-2023-4512, CVE-2023-4513

Description

The updated wireshark packages fix security vulnerabilities:

Due to a failure in validating the length provided by an
attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7
are susceptible to a divide by zero allowing for a denial of service
attack. (CVE-2023-2906)

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to
3.6.15 allows denial of service via packet injection or crafted capture
file. (CVE-2023-4511)

CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of
service via packet injection or crafted capture file. (CVE-2023-4512)

BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to
3.6.15 allows denial of service via packet injection or crafted capture
file. (CVE-2023-4513)
                

References

SRPMS

9/core