openSUSE Security Update : wireshark (openSUSE-SU-2014:1249-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Wireshark was updated to 1.10.10 [bnc#897055].

On openSUSE 12.3, the package was upgraded from 1.8.x to 1.10.x because
the 1.8.x branch was discontinued.

This update fixes vulnerabilities in Wireshark that could allow an
attacker to crash Wireshark or make it unresponsive by sending
specific packets onto the network or by having them loaded via a
capture file while the dissectors are running. It also contains a
number of other bug fixes.

- RTP dissector crash wnpa-sec-2014-12 CVE-2014-6421 CVE-2014-6422

- MEGACO dissector infinite loop wnpa-sec-2014-13 CVE-2014-6423

- Netflow dissector crash wnpa-sec-2014-14 CVE-2014-6424

- RTSP dissector crash wnpa-sec-2014-17 CVE-2014-6427

- SES dissector crash wnpa-sec-2014-18 CVE-2014-6428

- Sniffer file parser crash wnpa-sec-2014-19 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432

- Further bug fixes as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html

- includes changes from 1.10.9: fixes several crashes triggered by malformed protocol packets

- vulnerabilities fixed :

- The Catapult DCT2000 and IrDA dissectors could underrun a buffer wnpa-sec-2014-08 CVE-2014-5161 CVE-2014-5162 (bnc#889901)

- The GSM Management dissector could crash wnpa-sec-2014-09 CVE-2014-5163 (bnc#889906)

- The RLC dissector could crash wnpa-sec-2014-10 CVE-2014-5164 (bnc#889900)

- The ASN.1 BER dissector could crash wnpa-sec-2014-11 CVE-2014-5165 (bnc#889899)

- Further bug fixes as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html

See also :

http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
https://bugzilla.novell.com/show_bug.cgi?id=889899
https://bugzilla.novell.com/show_bug.cgi?id=889900
https://bugzilla.novell.com/show_bug.cgi?id=889901
https://bugzilla.novell.com/show_bug.cgi?id=889906
https://bugzilla.novell.com/show_bug.cgi?id=897055
https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html
https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html

Solution :

Update the affected wireshark packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
