openSUSE Security Update : wireshark (openSUSE-SU-2011:1142-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update of wireshark fixes the following vulnerabilities :

- CVE-2011-3266: Wireshark IKE dissector vulnerability

- CVE-2011-3360: Wireshark Lua script execution
vulnerability

- CVE-2011-3483: Wireshark buffer exception handling
vulnerability

- CVE-2011-2597: Lucent/Ascend file parser susceptible to
infinite loop

- CVE-2011-2698: ANSI MAP dissector susceptible to
infinite loop

- CVE-2011-1957: Large/infinite loop in the DICOM
dissector

- CVE-2011-1959: A corrupted snoop file could crash
Wireshark

- CVE-2011-2174: Malformed compressed capture data could
crash Wireshark

- CVE-2011-2175: A corrupted Visual Networks file could
crash Wireshark

- CVE-2011-1958: dereferene a NULL pointer if we had a
corrupted Diameter dictionary

See also :

http://lists.opensuse.org/opensuse-updates/2011-10/msg00016.html
https://bugzilla.novell.com/show_bug.cgi?id=697516
https://bugzilla.novell.com/show_bug.cgi?id=706728
https://bugzilla.novell.com/show_bug.cgi?id=718032

Solution :

Update the affected wireshark packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now