Updated wireshark packages fix security vulnerabilities
Publication date: 03 Jun 2024
Modification date: 03 Jun 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-4853, CVE-2024-4854, CVE-2024-4855
Description
Memory handling issue in editcap could cause denial of service via
crafted capture file. (CVE-2024-4853)
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to
4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via
packet injection or crafted capture file. (CVE-2024-4854)
Use after free issue in editcap could cause denial of service via
crafted capture file. (CVE-2024-4855)
References
- https://bugs.mageia.org/show_bug.cgi?id=33258
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2BSENPSIALF2WIZF7M3QBVWYBMFGW/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4853
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4854
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4855
SRPMS
9/core
- wireshark-4.0.15-1.mga9