Scientific Linux Security Update : wireshark on SL5.x i386/x86_64

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

A heap-based buffer overflow flaw was found in the way Wireshark
handled Endace ERF (Extensible Record Format) capture files. If
Wireshark opened a specially crafted ERF capture file, it could crash
or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2011-4102)

Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. (CVE-2011-1958,
CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041,
CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285,
CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)

This update also fixes the following bugs :

- When Wireshark starts with the X11 protocol being
tunneled through an SSH connection, it automatically
prepares its capture filter to omit the SSH packets. If
the SSH connection was to a link-local IPv6 address
including an interface name (for example ssh -X
[ipv6addr]%eth0), Wireshark parsed this address
erroneously, constructed an incorrect capture filter and
refused to capture packets. The 'Invalid capture filter'
message was displayed. With this update, parsing of
link-local IPv6 addresses is fixed and Wireshark
correctly prepares a capture filter to omit SSH packets
over a link-local IPv6 connection.

- Previously, Wireshark's column editing dialog corrupted
column names when they were selected. With this update,
the dialog is fixed and no longer breaks column names.

- Previously, TShark, the console packet analyzer, did not
properly analyze the exit code of Dumpcap, Wireshark's
packet capturing back end. As a result, TShark returned
exit code 0 when Dumpcap failed to parse its
command-line arguments. In this update, TShark correctly
propagates the Dumpcap exit code and returns a non-zero
exit code when Dumpcap fails.

- Previously, the TShark '-s' (snapshot length) option
worked only for a value greater than 68 bytes. If a
lower value was specified, TShark captured just 68 bytes
of incoming packets. With this update, the '-s' option
is fixed and sizes lower than 68 bytes work as expected.
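
The link-local IPv6 capture filter fix in the first item above, sketched as an added example (not code from Wireshark or from this advisory). It assumes the SSH session is described by an OpenSSH SSH_CONNECTION-style string; the filter layout, function names and sample addresses are constructed for illustration.

```python
import ipaddress


def _host_clause(addr: str) -> str:
    """Return a capture-filter 'host' clause, dropping any %interface suffix."""
    bare = addr.split("%", 1)[0]         # fe80::1%eth0 -> fe80::1
    ip = ipaddress.ip_address(bare)      # raises ValueError on anything else
    family = "ip6" if ip.version == 6 else "ip"
    return f"{family} host {ip.compressed}"


def _port(value: str) -> int:
    """Accept only a decimal TCP port in 1..65535."""
    port = int(value)                    # raises ValueError on non-numbers
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {value}")
    return port


def ssh_exclusion_filter(ssh_connection: str) -> str:
    """Build a filter that omits one SSH session.

    Input (assumed format): 'client_ip client_port server_ip server_port'.
    Every field is parsed and re-emitted, never pasted in raw, so a
    malformed value fails here instead of yielding an invalid filter.
    """
    fields = ssh_connection.split()
    if len(fields) != 4:
        raise ValueError("expected 4 space-separated fields")
    c_ip, c_port, s_ip, s_port = fields
    return (f"not (tcp port {_port(c_port)} and {_host_clause(c_ip)} "
            f"and tcp port {_port(s_port)} and {_host_clause(s_ip)})")


# Constructed sample values, not taken from the advisory.
SAMPLE_V6 = "fe80::1%eth0 50000 fe80::2%eth0 22"
SAMPLE_V4 = "192.0.2.10 50000 192.0.2.20 22"

if __name__ == "__main__":
    print(ssh_exclusion_filter(SAMPLE_V6))
    print(ssh_exclusion_filter(SAMPLE_V4))
```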

This update also adds the following enhancement :

- In this update, support for the 'NetDump' protocol was
added.

All running instances of Wireshark must be restarted for the update to
take effect.

See also :

http://www.nessus.org/u?b497c1fe

Solution :

Update the affected wireshark, wireshark-debuginfo and/or
wireshark-gnome packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)