Amazon Linux 2023 Security Advisory: ALAS-2023-199
Advisory Release Date: 2023-06-05 16:39 Pacific
Advisory Updated Date: 2023-06-07 20:09 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file (CVE-2022-4344)
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file (CVE-2022-4345)
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file (CVE-2023-1992)
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file (CVE-2023-1993)
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file (CVE-2023-1994)
Affected Packages:
wireshark
Issue Correction:
Run dnf update wireshark --releasever 2023.0.20230607 to update your system.
aarch64:
wireshark-cli-debuginfo-4.0.5-1.amzn2023.0.1.aarch64
wireshark-cli-4.0.5-1.amzn2023.0.1.aarch64
wireshark-devel-4.0.5-1.amzn2023.0.1.aarch64
wireshark-debugsource-4.0.5-1.amzn2023.0.1.aarch64
src:
wireshark-4.0.5-1.amzn2023.0.1.src
x86_64:
wireshark-cli-debuginfo-4.0.5-1.amzn2023.0.1.x86_64
wireshark-cli-4.0.5-1.amzn2023.0.1.x86_64
wireshark-devel-4.0.5-1.amzn2023.0.1.x86_64
wireshark-debugsource-4.0.5-1.amzn2023.0.1.x86_64