ALAS-2024-673


Amazon Linux 2023 Security Advisory: ALAS-2024-673
Advisory Release Date: 2024-07-18 01:25 Pacific
Advisory Updated Date: 2024-07-22 16:00 Pacific
Severity: Medium

Issue Overview:

Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file (CVE-2022-3190)

Memory handling issue in editcap could cause denial of service via crafted capture file (CVE-2024-4853)

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file (CVE-2024-4854)

Use-after-free issue in editcap could cause denial of service via crafted capture file (CVE-2024-4855)


Affected Packages:

wireshark


Issue Correction:
Run dnf update wireshark --releasever 2023.5.20240722 to update your system.

New Packages:
aarch64:
    wireshark-cli-debuginfo-4.0.15-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.15-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.15-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.15-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.15-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.15-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.15-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.15-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.15-1.amzn2023.0.1.x86_64