Announcement ID: | SUSE-SU-2023:3252-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves nine vulnerabilities can now be installed.
This update for wireshark fixes the following issues:
Update to Wireshark 3.6.15: - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.15.html
Security fixes: - CVE-2023-0667: Fixed failure to validate MS-MMS packet length (bsc#1212084). - CVE-2023-0668: Fixed IEEE C37.118 Synchrophasor dissector crash (bsc#1211710). - CVE-2023-2855: Fixed Candump log file parser crash (bsc#1211703). - CVE-2023-2856: Fixed VMS TCPIPtrace file parser crash (bsc#1211707). - CVE-2023-2857: Fixed BLF file parser crash (bsc#1211705). - CVE-2023-2858: Fixed NetScaler file parser crash (bsc#1211706). - CVE-2023-2879: Fixed GDSDB dissector infinite loop (bsc#1211793). - CVE-2023-2952: Fixed XRA dissector infinite loop (bsc#1211844). - CVE-2023-3648: Fixed Kafka dissector crash (bsc#1213319).
To install this SUSE Moderate update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
zypper in -t patch openSUSE-SLE-15.4-2023-3252=1
zypper in -t patch openSUSE-SLE-15.5-2023-3252=1
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3252=1
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3252=1
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3252=1
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3252=1
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3252=1
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3252=1
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3252=1
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3252=1