Bugzilla – Bug 1194166
VUL-1: CVE-2021-4185: wireshark: RTMPT dissector infinite loop (wnpa-sec-2021-17)
Last modified: 2022-03-01 10:55:22 UTC
The RTMPT dissector could go into an infinite loop. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affected versions: 3.6.0, 3.4.0 to 3.4.10 Fixed versions: 3.6.1, 3.4.11 References: https://www.wireshark.org/security/wnpa-sec-2021-17 https://gitlab.com/wireshark/wireshark/-/issues/17745
submitted to factory, need to think about how to solve this in SLE
openSUSE-SU-2022:0375-1: An update that solves 6 vulnerabilities, contains one feature and has one errata is now available. Category: security (moderate) Bug References: 1194166,1194167,1194168,1194169,1194170,1194171,1194780 CVE References: CVE-2021-4181,CVE-2021-4182,CVE-2021-4183,CVE-2021-4184,CVE-2021-4185,CVE-2021-4190 JIRA References: SLE-18727 Sources used: openSUSE Leap 15.3 (src): libvirt-7.1.0-150300.6.23.1, wireshark-3.6.1-3.68.1
SUSE-SU-2022:0375-1: An update that solves 6 vulnerabilities, contains one feature and has one errata is now available. Category: security (moderate) Bug References: 1194166,1194167,1194168,1194169,1194170,1194171,1194780 CVE References: CVE-2021-4181,CVE-2021-4182,CVE-2021-4183,CVE-2021-4184,CVE-2021-4185,CVE-2021-4190 JIRA References: SLE-18727 Sources used: SUSE Manager Server 4.1 (src): wireshark-3.6.1-3.68.1 SUSE Manager Retail Branch Server 4.1 (src): wireshark-3.6.1-3.68.1 SUSE Manager Proxy 4.1 (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise Server for SAP 15 (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise Server 15-LTSS (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): libvirt-7.1.0-150300.6.23.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): libvirt-7.1.0-150300.6.23.1, wireshark-3.6.1-3.68.1 SUSE Linux Enterprise Micro 5.1 (src): libvirt-7.1.0-150300.6.23.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): wireshark-3.6.1-3.68.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): wireshark-3.6.1-3.68.1 SUSE Enterprise Storage 7 (src): wireshark-3.6.1-3.68.1 SUSE Enterprise Storage 6 (src): wireshark-3.6.1-3.68.1 SUSE CaaS Platform 4.0 (src): wireshark-3.6.1-3.68.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.