Author: renodr
Date: Mon Mar 15 22:09:00 2021
New Revision: 1742

Log:
Security Advisories: Add 10.1-006 for Wireshark RCE

Modified:
   html/trunk/blfs/advisories/10.1.html
   html/trunk/blfs/advisories/consolidated.html

Modified: html/trunk/blfs/advisories/10.1.html
==============================================================================
--- html/trunk/blfs/advisories/10.1.html        Mon Mar 15 07:47:19 2021        
(r1741)
+++ html/trunk/blfs/advisories/10.1.html        Mon Mar 15 22:09:00 2021        
(r1742)
@@ -87,4 +87,15 @@
 
 <!-- end of QtWebEngine -->
 
+    <h3>Wireshark</h3>
+
+    <a id="10.1-006">
+    <h4>10.1 006 Wireshark    Date: 2021-03-16  Severity: High</h4>
+    <p>In Wireshark before 3.4.4, a security vulnerability existed that could
+    result in unsafe URLs being opened via a malicious capture packet file.
+    This vulnerability existed for 17 years. Update to Wireshark-3.4.4.
+    <a href="consolidated.html#10.1-005">10.1-006</a></p>
+
+    <!-- end of Wireshark -->
+
 <!--#include virtual="/common/footer.html" -->
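Review bot: The link that closes the new Wireshark paragraph in 10.1.html is labelled 10.1-006 but points at `consolidated.html#10.1-005`, which the consolidated page uses for the Linux Kernel (LFS) entry. Readers following the Wireshark advisory will land on the wrong item, so change the href to `consolidated.html#10.1-006`. As a smaller wording point, "malicious capture packet file" would read better as "malicious packet capture file", matching the consolidated text.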

Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html        Mon Mar 15 07:47:19 
2021        (r1741)
+++ html/trunk/blfs/advisories/consolidated.html        Mon Mar 15 22:09:00 
2021        (r1742)
@@ -80,6 +80,20 @@
     <p>There are currently no known security vulnerabilities for the latest
     releases of the books.</p>
     -->
+    <a id="10.1-006">
+    <h4>10.1 006 Wireshark Date: 2021-03-16 Severity: High</h4>
+    <p>In Wireshark-3.4.4, a 17-year-old security vulnerability was fixed that
+    could allow Wireshark to open unsafe URLs from within packet dumps. These
+    unsafe URLs did not follow standard HTTP/HTTPS schemes, but examples were
+    shown using the NFS protocol as well as WebDAV and SMB3. This could result
+    in remote code execution while reading a packet capture file.
+    This has been assigned
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-22191";>CVE-2021-22191</a>.</p>
+    Additional details may be found at
+    <a href="https://gitlab.com/wireshark/wireshark/-/issues/17232";>Wireshark 
Gitlab Issue 17232</a>.</p>
+    <p>To fix this, update to Wireshark-3.4.4 or later using the instructions 
in
+    <a href="../view/svn/basicnet/wireshark.html">Wireshark (sysv)</a> or
+    <a href="../view/systemd/basicnet/wireshark.html">Wireshark 
(systemd)</a>.</p>
 
     <a id="10.1-005">
     <h4>10.1 005 Linux Kernel (LFS)  Date: 2021-03-15  Severity: Low</h4>
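Review bot: The paragraph markup in the new consolidated.html entry is unbalanced. The `</p>` after the CVE-2021-22191 link closes the paragraph, so "Additional details may be found at" and the GitLab issue link sit outside any `<p>` and end with a second, unmatched `</p>`. Either drop the first `</p>` so that both links stay in one paragraph, or open a new `<p>` before "Additional details". The opening sentence ("In Wireshark-3.4.4, a 17-year-old security vulnerability was fixed") could also be aligned with the "before 3.4.4" wording used in 10.1.html, so that the affected range is stated the same way on both pages.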