Bug 1179931 (CVE-2020-26419)

Summary: VUL-0: CVE-2020-26419: wireshark: Multiple dissector memory leaks fixed in 3.4.1 (wnpa-sec-2020-19)
Product: [openSUSE] openSUSE Distribution Reporter: Andreas Stieger <Andreas.Stieger>
Component: SecurityAssignee: Robert Frohl <rfrohl>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P3 - Medium CC: michael, security-team
Version: Leap 15.2   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/273166/
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 5 Swamp Workflow Management 2021-06-22 16:21:21 UTC
SUSE-SU-2021:2125-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1179930,1179931,1179932,1179933,1180102,1180232,1181598,1181599,1183353,1184110,1185128
CVE References: CVE-2020-26418,CVE-2020-26419,CVE-2020-26420,CVE-2020-26421,CVE-2020-26422,CVE-2021-22173,CVE-2021-22174,CVE-2021-22191,CVE-2021-22207
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    libqt5-qtmultimedia-5.9.7-7.2.1, sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Manager Retail Branch Server 4.0 (src):    libqt5-qtmultimedia-5.9.7-7.2.1, sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Manager Proxy 4.0 (src):    libqt5-qtmultimedia-5.9.7-7.2.1, sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    libqt5-qtmultimedia-5.9.7-7.2.1, sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Linux Enterprise Server for SAP 15 (src):    libvirt-4.0.0-9.37.21, sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    libqt5-qtmultimedia-5.9.7-7.2.1, sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    libqt5-qtmultimedia-5.9.7-7.2.1, sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Linux Enterprise Server 15-LTSS (src):    libvirt-4.0.0-9.37.21, sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    libqt5-qtmultimedia-5.9.7-7.2.1, sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    libqt5-qtmultimedia-5.9.7-7.2.1, sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    libvirt-4.0.0-9.37.21, sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    libvirt-4.0.0-9.37.21, sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE Enterprise Storage 6 (src):    libqt5-qtmultimedia-5.9.7-7.2.1, sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1
SUSE CaaS Platform 4.0 (src):    libqt5-qtmultimedia-5.9.7-7.2.1, sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2021-06-24 13:29:21 UTC
openSUSE-SU-2021:0909-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1179930,1179931,1179932,1179933,1180102,1180232,1181598,1181599,1183353,1184110,1185128
CVE References: CVE-2020-26418,CVE-2020-26419,CVE-2020-26420,CVE-2020-26421,CVE-2020-26422,CVE-2021-22173,CVE-2021-22174,CVE-2021-22191,CVE-2021-22207
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    wireshark-3.4.5-lp152.2.12.1
Comment 7 Robert Frohl 2021-07-05 07:14:19 UTC
released
Comment 8 Swamp Workflow Management 2021-07-10 13:18:03 UTC
openSUSE-SU-2021:2125-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1179930,1179931,1179932,1179933,1180102,1180232,1181598,1181599,1183353,1184110,1185128
CVE References: CVE-2020-26418,CVE-2020-26419,CVE-2020-26420,CVE-2020-26421,CVE-2020-26422,CVE-2021-22173,CVE-2021-22174,CVE-2021-22191,CVE-2021-22207
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    sbc-1.3-3.2.1, wireshark-3.4.5-3.53.1