openSUSE Security Update : wireshark (openSUSE-2015-226)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Wireshark was updated to 1.10.13 on openSUSE 13.1 to fix bugs and
security issues. Wireshark was updated to 1.12.4 on openSUSE 13.2 to
fix bugs and security issues.

The following security issues were fixed in 1.10.13 :

- The WCP dissector could crash. wnpa-sec-2015-07
CVE-2015-2188 [bnc#920696]

- The pcapng file parser could crash. wnpa-sec-2015-08
CVE-2015-2189 [bnc#920697]

- The TNEF dissector could go into an infinite loop.
wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699]

- Further bug fixes and updated protocol support as listed
in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.1
3.html

The following security issues were fixed in 1.12.4 :

- The following security issues were fixed :

- The ATN-CPDLC dissector could crash. wnpa-sec-2015-06
CVE-2015-2187 [bnc#920695]

- The WCP dissector could crash. wnpa-sec-2015-07
CVE-2015-2188 [bnc#920696]

- The pcapng file parser could crash. wnpa-sec-2015-08
CVE-2015-2189 [bnc#920697]

- The LLDP dissector could crash. wnpa-sec-2015-09
CVE-2015-2190 [bnc#920698]

- The TNEF dissector could go into an infinite loop.
wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699]

- The SCSI OSD dissector could go into an infinite loop.
wnpa-sec-2015-11 CVE-2015-2192 [bnc#920700]

- Further bug fixes and updated protocol support as listed
in:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.4
.html

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=920695
https://bugzilla.opensuse.org/show_bug.cgi?id=920696
https://bugzilla.opensuse.org/show_bug.cgi?id=920697
https://bugzilla.opensuse.org/show_bug.cgi?id=920698
https://bugzilla.opensuse.org/show_bug.cgi?id=920699
https://bugzilla.opensuse.org/show_bug.cgi?id=920700
https://www.wireshark.org/docs/relnotes/wireshark-1.10.13.html
https://www.wireshark.org/docs/relnotes/wireshark-1.12.4.html

Solution :

Update the affected wireshark packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 81869 ()

Bugtraq ID:

CVE ID: CVE-2015-2187
CVE-2015-2188
CVE-2015-2189
CVE-2015-2190
CVE-2015-2191
CVE-2015-2192

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now