SUSE SLED10 / SLES10 Security Update : wireshark (SUSE-SU-2013:1276-1)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

This wireshark version update to 1.6.16 includes several security and
general bug fixes.

http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html

- The CAPWAP dissector could crash. Discovered by Laurent
Butti. (CVE-2013-4074)

- The HTTP dissector could overrun the stack. Discovered
by David Keeler. (CVE-2013-4081)

- The DCP ETSI dissector could crash. (CVE-2013-4083)

http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html

- The ASN.1 BER dissector could crash. ( CVE-2013-3556
CVE-2013-3557 )

The releases also fix various non-security issues.

Additionally, a crash in processing SCTP filters has been fixed.
(bug#816887)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?023b8157
http://support.novell.com/security/cve/CVE-2013-2486.html
http://support.novell.com/security/cve/CVE-2013-2487.html
http://support.novell.com/security/cve/CVE-2013-3555.html
http://support.novell.com/security/cve/CVE-2013-3556.html
http://support.novell.com/security/cve/CVE-2013-3557.html
http://support.novell.com/security/cve/CVE-2013-3558.html
http://support.novell.com/security/cve/CVE-2013-3559.html
http://support.novell.com/security/cve/CVE-2013-3560.html
http://support.novell.com/security/cve/CVE-2013-3561.html
http://support.novell.com/security/cve/CVE-2013-3562.html
http://support.novell.com/security/cve/CVE-2013-4074.html
http://support.novell.com/security/cve/CVE-2013-4075.html
http://support.novell.com/security/cve/CVE-2013-4076.html
http://support.novell.com/security/cve/CVE-2013-4077.html
http://support.novell.com/security/cve/CVE-2013-4078.html
http://support.novell.com/security/cve/CVE-2013-4079.html
http://support.novell.com/security/cve/CVE-2013-4080.html
http://support.novell.com/security/cve/CVE-2013-4081.html
http://support.novell.com/security/cve/CVE-2013-4082.html
http://support.novell.com/security/cve/CVE-2013-4083.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html
https://bugzilla.novell.com/816887
https://bugzilla.novell.com/820973
https://bugzilla.novell.com/824900
http://www.nessus.org/u?4e71c4a9

Solution :

Update the affected wireshark packages

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false