wireshark-2.6.2-17.el8

エラータID: AXSA:2023-7199:03

Release date: 
Saturday, December 23, 2023 - 00:33
Subject: 
wireshark-2.6.2-17.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network.

Security Fix(es):

* wireshark: RTPS dissector crash (CVE-2023-0666)
* wireshark: VMS TCPIPtrace file parser crash (CVE-2023-2856)
* wireshark: NetScaler file parser crash (CVE-2023-2858)
* wireshark: XRA dissector infinite loop (CVE-2023-2952)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.9 Release Notes linked from the References section.

CVE-2023-0666
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
CVE-2023-2856
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-2858
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-2952
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

Solution: 

Update packages.

CVEs: 
CVE-2023-0666
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
CVE-2023-2856
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-2858
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-2952
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
Additional Info: 

N/A

Download: 

SRPMS
  1. wireshark-2.6.2-17.el8.src.rpm
    MD5: ef5713f9fec8aeff6c575ad92fbcc742
    SHA-256: 93daadb348462cc18f1ccbb626210bd1913ace7c45d96929cd49128ab8540634
    Size: 27.18 MB

Asianux Server 8 for x86_64
  1. wireshark-2.6.2-17.el8.x86_64.rpm
    MD5: 3d2ca487f58e236820caac8bcf628bd1
    SHA-256: f43d4494a675c96d88f371d3ea405dc91e4bff20eba153fd81b656f3cd3f2ec5
    Size: 3.64 MB
  2. wireshark-cli-2.6.2-17.el8.i686.rpm
    MD5: 1cf786d04bbeaf8daeaf8cc0b308d652
    SHA-256: cac0490f9b558d7417c0d1b66e6d87452e79ee62d248e1771f9d0d3b27a780ab
    Size: 14.95 MB
  3. wireshark-cli-2.6.2-17.el8.x86_64.rpm
    MD5: 3b8a80983461544e740f3622b335cf0c
    SHA-256: a2adf929ef3959e4c9099dce044524645d87db9fd623c9a8d719abc83de96ef4
    Size: 17.00 MB
  4. wireshark-devel-2.6.2-17.el8.i686.rpm
    MD5: bf955ebe74b752288a663d9ee20af2e1
    SHA-256: 88c584bfc80215b1fb15c33ef603e2ff0d64ad5cac84127a1e3619b4a15917c2
    Size: 1.25 MB
  5. wireshark-devel-2.6.2-17.el8.x86_64.rpm
    MD5: 2393452ede571519494a28fba9d31f6c
    SHA-256: 7fe316a9c9a05d457aa0c41e4d6cd0467288bd28fd4deee3148c9e3b97384c3f
    Size: 1.25 MB