Detections
Analytics

MiracleLinux 4 : wireshark-1.8.10-17.AXS4 (AXSA:2015-372:01)

high Nessus Plugin ID 288945

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-372:01 advisory.

 Wireshark is a network traffic analyzer for Unix-ish operating systems.
 This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK package.
 Security issues fixed with this release:
 CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714 CVE-2015-0562 CVE-2015-0564 CVE-2015-2189 CVE-2015-2191 Fixed bugs:
 * Previously, the Wireshark tool did not support Advanced Encryption Standard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a consequence, AES-GCM was not decrypted. Support for AES-GCM has been added to Wireshark to fix this bug.
 * Previously, when installing the system using the kickstart method, a dependency on the shadow-utils packages was missing from the wireshark packages, which could cause the installation to fail with a bad scriptlet error message.
 With this update, the bug has been fixed.
 * Prior to this update, the Wireshark tool could not decode types of elliptic curves in Datagram Transport Layer Security (DTLS) Client Hello. Consequently, Wireshark incorrectly displayed elliptic curves types as data. A patch has been applied to address this bug.
 * Previously, a dependency on the gtk2 packages was missing from the wireshark packages. As a consequence, the Wireshark tool failed to start under certain circumstances due to an unresolved symbol, gtk_combo_box_text_new_with_entry, which was added in gtk version 2.24. With this update, the described problem was fixed.
 Enhancements:
 * With this update, the Wireshark tool supports process substitution, which feeds the output of a process (or processes) into the standard input of another process using the <(command_list) syntax. When using process substitution with large files as input, Wireshark failed to decode such input.
 * Wireshark has been enhanced to enable capturing packets with nanosecond time stamp precision, which allows better analysis of recorded network traffic.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected wireshark and / or wireshark-gnome packages.

See Also

https://tsn.miraclelinux.com/en/node/5719

Plugin Details

Severity: High

ID: 288945

File Name: miracle_linux_AXSA-2015-372.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2015-2191

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:wireshark-gnome, p-cpe:/a:miracle:linux:wireshark

Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 8/13/2015

Vulnerability Publication Date: 11/12/2014

Reference Information

CVE: CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191