ALAS2023-2023-440

Amazon Linux 2023 Security Advisory: ALAS2023-2023-440
Advisory Released Date: 2023-12-14
Advisory Updated Date: 2023-12-14

Severity: Medium

References: CVE-2023-6174 CVE-2023-6175
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file (CVE-2023-6174)

A heap based buffer overflow in Wireshark's NetScreen file parser may lead to a local arbitrary code execution via a crafted capture file. (CVE-2023-6175)

Affected Packages:

wireshark

Issue Correction:
Run dnf update wireshark --releasever 2023.3.20231211 to update your system.

New Packages:

aarch64:
    wireshark-cli-debuginfo-4.0.8-2.amzn2023.0.3.aarch64
    wireshark-cli-4.0.8-2.amzn2023.0.3.aarch64
    wireshark-devel-4.0.8-2.amzn2023.0.3.aarch64
    wireshark-debugsource-4.0.8-2.amzn2023.0.3.aarch64

src:
    wireshark-4.0.8-2.amzn2023.0.3.src

x86_64:
    wireshark-cli-debuginfo-4.0.8-2.amzn2023.0.3.x86_64
    wireshark-devel-4.0.8-2.amzn2023.0.3.x86_64
    wireshark-cli-4.0.8-2.amzn2023.0.3.x86_64
    wireshark-debugsource-4.0.8-2.amzn2023.0.3.x86_64

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2023-6174, CVE-2023-6175

Mitre: CVE-2023-6174, CVE-2023-6175