Bugzilla – Bug 1192830
VUL-0: wireshark: multiple CVEs fixed with version 3.4.10
Last modified: 2023-01-16 15:24:21 UTC
What’s New

This release fixes a forward compatibility issue[1] with the I/O Graphs preferences.

Bug Fixes

The following vulnerabilities have been fixed:

• wnpa-sec-2021-07[2] Bluetooth DHT dissector crash. Issue 17651[3]. CVE-2021-39929[4].
• wnpa-sec-2021-08[5] Bluetooth HCI_ISO dissector crash. Issue 17649[6]. CVE-2021-39926[7].
• wnpa-sec-2021-09[8] Bluetooth SDP dissector crash. Issue 17635[9]. CVE-2021-39925[10].
• wnpa-sec-2021-10[11] Bluetooth DHT dissector large loop. Issue 17677[12]. CVE-2021-39924[13].
• wnpa-sec-2021-11[14] PNRP dissector large loop. Issue 17684[15].
• wnpa-sec-2021-12[16] C12.22 dissector crash. Issue 17636[17]. CVE-2021-39922[18].
• wnpa-sec-2021-13[19] IEEE 802.11 dissector crash. Issue 17704[20]. CVE-2021-39928[21].
• wnpa-sec-2021-14[22] Modbus dissector crash. Issue 17703[23]. CVE-2021-39921[24].
• wnpa-sec-2021-15[25] IPPUSB dissector crash. Issue 17705[26]. CVE-2021-39920[27].

The following bugs have been fixed:

• OSS-Fuzz: Heap-use-after-free in ROS Issue 16342[28].
• Allow for '\0' (NULL) character as filter instead of requiring 0x00 for the character match Issue 16525[29].
• Dumpcap with threads reports double received count vs captured Issue 17089[30].
• I/O Graphs values reset to default with 3.5 due to change of UAT Issue 17623[31].
• HTTP2 dissector reports an assertion error on large data frames Issue 17633[32].
• TShark stops capturing when capturing with multiple files and packet printing enabled Issue 17654[33].
• Wireshark is unable to decode the IMSI IE received in BSSMAP Perform Location request Issue 17667[34].
• WSLUA: Crash on reload if Proto has no fields Issue 17668[35].
• Crash in flow analysis for TCP Issue 17722[36].

New and Updated Features

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

BT HCI_ISO, BT SDP, BT-DHT, C12.22, CAN FD, CSN1, EAPOL-MKA, EVS, GSM BSSMAP LE, HTTP2, IDMP, IEEE 1905.1a, IEEE 802.11, IPPUSB, Modbus, PNRP, and TCP

New and Updated Capture File Support

pcap

https://www.wireshark.org/docs/relnotes/wireshark-3.4.10.html
submitted by Paolo, on its way to Factory
CVE-2021-39923 got assigned later to this release too
(In reply to Robert Frohl from comment #2)
> CVE-2021-39923 got assigned later to this release too

and is a duplicate of CVE-2021-39920:

(In reply to Robert Frohl from comment #0)
> • wnpa-sec-2021-15[25] IPPUSB dissector crash. Issue 17705[26].
> CVE-2021-39920[27].
openSUSE-SU-2021:3938-1: An update that fixes 8 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1192830
CVE References: CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): wireshark-3.4.10-3.62.1

SUSE-SU-2021:3938-1: An update that fixes 8 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1192830
CVE References: CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): wireshark-3.4.10-3.62.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src): wireshark-3.4.10-3.62.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): wireshark-3.4.10-3.62.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): wireshark-3.4.10-3.62.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2021:1566-1: An update that fixes 8 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1192830
CVE References: CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): wireshark-3.4.10-lp152.2.21.1
done