openSUSE Security Update : wireshark (openSUSE-SU-2012:1633-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update fixes the following issues for wireshark :

- Security update to 1.8.4 :

https://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html
http://seclists.org/oss-sec/2012/q4/378

CVE-2012-5592 Wireshark #1 pcap-ng hostname disclosure
(wnpa-sec-2012-30)

CVE-2012-5593 Wireshark #2 DoS (infinite loop) in the USB dissector
(wnpa-sec-2012-31)

CVE-2012-5594 Wireshark #3 DoS (infinite loop) in the sFlow dissector
(wnpa-sec-2012-32)

CVE-2012-5595 Wireshark #4 DoS (infinite loop) in the SCTP dissector
(wnpa-sec-2012-33)

CVE-2012-5596 Wireshark #5 DoS (infinite loop) in the EIGRP dissector
(wnpa-sec-2012-34)

CVE-2012-5597 Wireshark #6 DoS (crash) in the ISAKMP dissector
(wnpa-sec-2012-35)

CVE-2012-5598 Wireshark #7 DoS (infinite loop) in the iSCSI dissector
(wnpa-sec-2012-36)

CVE-2012-5599 Wireshark #8 DoS (infinite loop) in the WTP dissector
(wnpa-sec-2012-37)

CVE-2012-5600 Wireshark #9 DoS (infinite loop) in the RTCP dissector
(wnpa-sec-2012-38)

CVE-2012-5601 Wireshark #10 DoS (infinite loop) in the 3GPP2 A11
dissector (wnpa-sec-2012-39)

CVE-2012-5602 Wireshark #11 DoS (infinite loop) in the ICMPv6
dissector (wnpa-sec-2012-40)

And also the bugfix :

- bnc#780669: change wireshark.spec BuildRequires
lua-devel to lua51-devel to fix lua-support in openSUSE
12.2

See also :

http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html
http://seclists.org/oss-sec/2012/q4/378
https://bugzilla.novell.com/show_bug.cgi?id=780669
https://bugzilla.novell.com/show_bug.cgi?id=792005
https://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html

Solution :

Update the affected wireshark packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now