ALAS2023-2026-1904


Amazon Linux 2023 Security Advisory: ALAS2023-2026-1904
Advisory Released Date: 2026-07-07
Advisory Updated Date: 2026-07-07
Severity: Medium

Issue Overview:

ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-5299)

AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-5401)

K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-5404)

FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-5406)

SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-5407)

BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-5408)

Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-5409)

DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-5653)

AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-5654)

iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-5657)

MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6519)

OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6520)

OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6521)

RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6522)

GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6523)

MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6524)

ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6527)

iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6529)

DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6530)

SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6531)

Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6532)

Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6533)

USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6534)

Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6535)

ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6537)

BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6538)

SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6867)

HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6868)

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6869)

GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6870)

UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-7375)

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-7376)

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-7378)

Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-7379)

ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service (CVE-2026-9759)


Affected Packages:

wireshark


Issue Correction:
Run dnf update wireshark --releasever 2023.12.20260706 or dnf update --advisory ALAS2023-2026-1904 --releasever 2023.12.20260706 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    wireshark-cli-debuginfo-4.6.6-1.amzn2023.0.1.aarch64
    wireshark-devel-4.6.6-1.amzn2023.0.1.aarch64
    wireshark-cli-4.6.6-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.6.6-1.amzn2023.0.1.aarch64

src:
    wireshark-4.6.6-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.6.6-1.amzn2023.0.1.x86_64
    wireshark-devel-4.6.6-1.amzn2023.0.1.x86_64
    wireshark-cli-4.6.6-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.6.6-1.amzn2023.0.1.x86_64