ALAS-2024-567

Amazon Linux 2023 Security Advisory: ALAS-2024-567
Advisory Release Date: 2024-03-13 20:41 Pacific
Advisory Updated Date: 2024-03-21 14:00 Pacific

Severity: Medium

References: CVE-2024-24478
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An issue in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. (CVE-2024-24478)

Affected Packages:

wireshark

Issue Correction:
Run dnf update wireshark --releasever 2023.4.20240319 to update your system.

New Packages:

aarch64:
    wireshark-cli-debuginfo-4.0.8-2.amzn2023.0.5.aarch64
    wireshark-cli-4.0.8-2.amzn2023.0.5.aarch64
    wireshark-devel-4.0.8-2.amzn2023.0.5.aarch64
    wireshark-debugsource-4.0.8-2.amzn2023.0.5.aarch64

src:
    wireshark-4.0.8-2.amzn2023.0.5.src

x86_64:
    wireshark-cli-debuginfo-4.0.8-2.amzn2023.0.5.x86_64
    wireshark-cli-4.0.8-2.amzn2023.0.5.x86_64
    wireshark-devel-4.0.8-2.amzn2023.0.5.x86_64
    wireshark-debugsource-4.0.8-2.amzn2023.0.5.x86_64

Additional References

Red Hat: CVE-2024-24478

Mitre: CVE-2024-24478

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2024-567

Additional References