SuSE 10 Security Update : wireshark (ZYPP Patch Number 8267)

Low Nessus Plugin ID 62097

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 3.6

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

wireshark was updated to 1.4.15 to fix multiple security issues.

Issues fixed :

- fix bnc#776038(CVE-2012-4285 / CVE-2012-4288 / CVE-2012-4289 / CVE-2012-4296 / CVE-2012-4291 / CVE-2012-4292 / CVE-2012-4293 / CVE-2012-4290), bnc#772738 (CVE-2012-4048 / CVE-2012-4049)(fixed upstream)

- Security fixes: o wnpa-sec-2012-13 The DCP ETSI dissector could trigger a zero division. Reported by Laurent Butti. (Bug 7566) o wnpa-sec-2012-15 The XTP dissector could go into an infinite loop. Reported by Ben Schmidt. (Bug 7571) o wnpa-sec-2012-17 The AFP dissector could go into a large loop. Reported by Stefan Cornelius. (Bug 7603) o wnpa-sec-2012-18 The RTPS2 dissector could overflow a buffer. Reported by Laurent Butti. (Bug 7568) o wnpa-sec-2012-20 The CIP dissector could exhaust system memory. Reported y Ben Schmidt.
(Bug 7570) o wnpa-sec-2012-21 The STUN dissector could crash. Reported by Laurent Butti. (Bug 7569) o wnpa-sec-2012-22 The EtherCAT Mailbox dissector could abort. Reported by Laurent Butti. (Bug 7562) o wnpa-sec-2012-23 The CTDB dissector could go into a large loop. Reported by Ben Schmidt. (Bug 7573)

- Bug fixes: o Wireshark crashes on opening very short NFS pcap file. (Bug 7498)

- Updated Protocol Support o AFP, Bluetooth L2CAP, CIP, CTDB, DCP ETSI, EtherCAT Mailbox, FC Link Control LISP, NFS, RTPS2, SCTP, STUN, XTP

Solution

Apply ZYPP patch number 8267.

See Also

http://support.novell.com/security/cve/CVE-2012-4048.html

http://support.novell.com/security/cve/CVE-2012-4049.html

http://support.novell.com/security/cve/CVE-2012-4285.html

http://support.novell.com/security/cve/CVE-2012-4288.html

http://support.novell.com/security/cve/CVE-2012-4289.html

http://support.novell.com/security/cve/CVE-2012-4290.html

http://support.novell.com/security/cve/CVE-2012-4291.html

http://support.novell.com/security/cve/CVE-2012-4292.html

http://support.novell.com/security/cve/CVE-2012-4293.html

http://support.novell.com/security/cve/CVE-2012-4296.html

Plugin Details

Severity: Low

ID: 62097

File Name: suse_wireshark-8267.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2012/09/14

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Low

VPR Score: 3.6

CVSS v2.0

Base Score: 3.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2012/08/31

Reference Information

CVE: CVE-2012-4048, CVE-2012-4049, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4296