Debian Security Advisory
DLA-2967-1 wireshark -- LTS security update
- Date Reported:
- 31 Mar 2022
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2021-4181, CVE-2021-4184, CVE-2021-4185, CVE-2021-22191, CVE-2022-0581, CVE-2022-0582, CVE-2022-0583, CVE-2022-0585, CVE-2022-0586.
- More information:
Multiple security vulnerabilities have been discovered in Wireshark, a network traffic analyzer. An attacker could cause a denial of service (infinite loop or application crash) via packet injection or a crafted capture file. Improper URL handling in Wireshark could also allow remote code execution. A double-click will no longer automatically open the URL in pcap(ng) files and instead copy it to the clipboard where it can be inspected and pasted to the browser's address bar.
For Debian 9 stretch, these problems have been fixed in version 2.6.20-0+deb9u3.
We recommend that you upgrade your wireshark packages.
For the detailed security status of wireshark please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wireshark
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS