Advisories

MGASA-2021-0518 - Updated wireshark packages fix security vulnerability

Publication date: 20 Nov 2021
URL: https://advisories.mageia.org/MGASA-2021-0518.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-39920,
     CVE-2021-39921,
     CVE-2021-39922,
     CVE-2021-39924,
     CVE-2021-39925,
     CVE-2021-39926,
     CVE-2021-39928,
     CVE-2021-39929

IPPUSB dissector crash (CVE-2021-39920).
Modbus dissector crash (CVE-2021-39921).
C12.22 dissector crash (CVE-2021-39922).
PNRP dissector large loop (wnpa-sec-2021-11).
Bluetooth DHT dissector large loop (CVE-2021-39924).
Bluetooth SDP dissector crash (CVE-2021-39925).
Bluetooth HCI_ISO dissector crash (CVE-2021-39926).
IEEE 802.11 dissector crash (CVE-2021-39928).
Bluetooth DHT dissector crash (CVE-2021-39929).

References:
- https://bugs.mageia.org/show_bug.cgi?id=29670
- https://www.wireshark.org/security/wnpa-sec-2021-07
- https://www.wireshark.org/security/wnpa-sec-2021-08
- https://www.wireshark.org/security/wnpa-sec-2021-09
- https://www.wireshark.org/security/wnpa-sec-2021-10
- https://www.wireshark.org/security/wnpa-sec-2021-11
- https://www.wireshark.org/security/wnpa-sec-2021-12
- https://www.wireshark.org/security/wnpa-sec-2021-13
- https://www.wireshark.org/security/wnpa-sec-2021-14
- https://www.wireshark.org/security/wnpa-sec-2021-15
- https://www.wireshark.org/docs/relnotes/wireshark-3.4.8.html
- https://www.wireshark.org/docs/relnotes/wireshark-3.4.9.html
- https://www.wireshark.org/docs/relnotes/wireshark-3.4.10.html
- https://www.wireshark.org/news/20210825.html
- https://www.wireshark.org/news/20211006.html
- https://www.wireshark.org/news/20211117.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39920
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39921
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39922
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39924
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39925
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39926
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39928
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39929

SRPMS:
- 8/core/wireshark-3.4.10-1.mga8

Mageia 2021-0518: wireshark security update

IPPUSB dissector crash (CVE-2021-39920)

Summary

IPPUSB dissector crash (CVE-2021-39920). Modbus dissector crash (CVE-2021-39921). C12.22 dissector crash (CVE-2021-39922). PNRP dissector large loop (wnpa-sec-2021-11). Bluetooth DHT dissector large loop (CVE-2021-39924). Bluetooth SDP dissector crash (CVE-2021-39925). Bluetooth HCI_ISO dissector crash (CVE-2021-39926). IEEE 802.11 dissector crash (CVE-2021-39928). Bluetooth DHT dissector crash (CVE-2021-39929).

Resolution

MGASA-2021-0518 - Updated wireshark packages fix security vulnerability

References

- https://bugs.mageia.org/show_bug.cgi?id=29670

- https://www.wireshark.org/security/wnpa-sec-2021-07

- https://www.wireshark.org/security/wnpa-sec-2021-08

- https://www.wireshark.org/security/wnpa-sec-2021-09

- https://www.wireshark.org/security/wnpa-sec-2021-10

- https://www.wireshark.org/security/wnpa-sec-2021-11

- https://www.wireshark.org/security/wnpa-sec-2021-12

- https://www.wireshark.org/security/wnpa-sec-2021-13

- https://www.wireshark.org/security/wnpa-sec-2021-14

- https://www.wireshark.org/security/wnpa-sec-2021-15

- https://www.wireshark.org/docs/relnotes/wireshark-3.4.8.html

- https://www.wireshark.org/docs/relnotes/wireshark-3.4.9.html

- https://www.wireshark.org/docs/relnotes/wireshark-3.4.10.html

- https://www.wireshark.org/news/20210825.html

- https://www.wireshark.org/news/20211006.html

- https://www.wireshark.org/news/20211117.html

Severity
Issued Date: 20 Nov 2021
URL: https://advisories.mageia.org/MGASA-2021-0518.html
Type: security
CVE: CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929
Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.