Debian Long Term Support / LTS Security Information / 2022 / Security Information -- DLA-2967-1 wireshark

Debian Security Advisory

DLA-2967-1 wireshark -- LTS security update

Date Reported:

31 Mar 2022

Affected Packages:

wireshark

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2021-4181, CVE-2021-4184, CVE-2021-4185, CVE-2021-22191, CVE-2022-0581, CVE-2022-0582, CVE-2022-0583, CVE-2022-0585, CVE-2022-0586.

More information:

Multiple security vulnerabilities have been discovered in Wireshark, a network traffic analyzer. An attacker could cause a denial of service (infinite loop or application crash) via packet injection or a crafted capture file. Improper URL handling in Wireshark could also allow remote code execution. A double-click will no longer automatically open the URL in pcap(ng) files and instead copy it to the clipboard where it can be inspected and pasted to the browser's address bar.

For Debian 9 stretch, these problems have been fixed in version 2.6.20-0+deb9u3.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS