ASA-202103-2 log original external raw

[ASA-202103-2] wireshark-qt: arbitrary code execution
Arch Linux Security Advisory ASA-202103-2 ========================================= Severity: Medium Date : 2021-03-13 CVE-ID : CVE-2021-22191 Package : wireshark-qt Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1669 Summary ======= The package wireshark-qt before version 3.4.4-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 3.4.4-1. # pacman -Syu "wireshark-qt>=3.4.4-1" The problem has been fixed upstream in version 3.4.4. Workaround ========== None. Description =========== A security issue has been found in Wireshark before version 3.4.4. Some fields in the Wireshark proto_tree are double-clickable and pass URLs with arbitrary schemes to the QDesktopServices::openUrl function. http and https URLs passed to this function are opened by the browser which is generally safe. For some other schemes like dav and file however, referenced files will be opened by the system's standard application associated with their file type. By preparing internet-hosted file shares and executable files, arbitrary code execution can be achieved via malicious pcap(ng) files or captured live-traffic and some user interaction. Impact ====== A remote attacker might be able to execute arbitrary code via a crafted network packet, or a crafted packet trace file. References ========== https://www.wireshark.org/security/wnpa-sec-2021-03.html https://gitlab.com/wireshark/wireshark/-/issues/17232 https://gitlab.com/wireshark/wireshark/-/merge_requests/2074 https://gitlab.com/wireshark/wireshark/-/commit/b2c58d020c100958beb59d9e62471efab5c3cc2d https://security.archlinux.org/CVE-2021-22191