openSUSE Security Update : wireshark (openSUSE-SU-2012:1035-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

wireshark was updated to 1.4.15

- The DCP ETSI dissector could trigger a zero division.
(wnpa-sec-2012-13 CVE-2012-4285)

- The XTP dissector could go into an infinite loop.
(wnpa-sec-2012-15 CVE-2012-4288)

- The AFP dissector could go into a large loop.
(wnpa-sec-2012-17 CVE-2012-4289)

- The RTPS2 dissector could overflow a buffer.
(wnpa-sec-2012-18 CVE-2012-4296)

- The CIP dissector could exhaust system memory.
(wnpa-sec-2012-20 CVE-2012-4291)

- The STUN dissector could crash. (wnpa-sec-2012-21
CVE-2012-4292)

- The EtherCAT Mailbox dissector could abort.
(wnpa-sec-2012-22 CVE-2012-4293)

- The CTDB dissector could go into a large loop.
(wnpa-sec-2012-23 CVE-2012-4290)

Further bug fixes and updated protocol support as listed in:
http://www.wireshark.org/docs/relnotes/wireshark-1.4.15.html

See also :

http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html
http://www.wireshark.org/docs/relnotes/wireshark-1.4.15.html
https://bugzilla.novell.com/show_bug.cgi?id=776083

Solution :

Update the affected wireshark packages.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 74720 ()

Bugtraq ID:

CVE ID: CVE-2012-4285
CVE-2012-4288
CVE-2012-4289
CVE-2012-4290
CVE-2012-4291
CVE-2012-4292
CVE-2012-4293
CVE-2012-4296

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now