Bugzilla – Bug 1195870
VUL-1: CVE-2022-0581: wireshark: CMS dissector crash (wnpa-sec-2022-05)
Last modified: 2022-03-04 14:35:16 UTC
It was discovered that in Wireshark before 3.6.2, 3.4.12 the CMS dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affected versions: 3.6.0 to 3.6.1, 3.4.0 to 3.4.11 Fixed versions: 3.6.2, 3.4.12 References: https://www.wireshark.org/security/wnpa-sec-2022-05 https://gitlab.com/wireshark/wireshark/-/issues/17935
Tracking as affected: - SUSE:SLE-15:Update/wireshark 3.6.1
Thanks Andreas for the changes update! on it's way to SLE over to security-team@suse
openSUSE-SU-2022:0722-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1195866,1195867,1195868,1195869,1195870 CVE References: CVE-2022-0581,CVE-2022-0582,CVE-2022-0583,CVE-2022-0585,CVE-2022-0586 JIRA References: Sources used: openSUSE Leap 15.4 (src): wireshark-3.6.2-3.71.1 openSUSE Leap 15.3 (src): wireshark-3.6.2-3.71.1
SUSE-SU-2022:0722-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1195866,1195867,1195868,1195869,1195870 CVE References: CVE-2022-0581,CVE-2022-0582,CVE-2022-0583,CVE-2022-0585,CVE-2022-0586 JIRA References: Sources used: SUSE Manager Server 4.1 (src): wireshark-3.6.2-3.71.1 SUSE Manager Retail Branch Server 4.1 (src): wireshark-3.6.2-3.71.1 SUSE Manager Proxy 4.1 (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise Server for SAP 15 (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise Server 15-LTSS (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise Realtime Extension 15-SP2 (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): wireshark-3.6.2-3.71.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): wireshark-3.6.2-3.71.1 SUSE Enterprise Storage 7 (src): wireshark-3.6.2-3.71.1 SUSE Enterprise Storage 6 (src): wireshark-3.6.2-3.71.1 SUSE CaaS Platform 4.0 (src): wireshark-3.6.2-3.71.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.