openSUSE Security Update : wireshark (openSUSE-SU-2012:1633-1)

medium Nessus Plugin ID 74838
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

This update fixes the following issues for wireshark :

- Security update to 1.8.4 :

https://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html http://seclists.org/oss-sec/2012/q4/378

CVE-2012-5592 Wireshark #1 pcap-ng hostname disclosure (wnpa-sec-2012-30)

CVE-2012-5593 Wireshark #2 DoS (infinite loop) in the USB dissector (wnpa-sec-2012-31)

CVE-2012-5594 Wireshark #3 DoS (infinite loop) in the sFlow dissector (wnpa-sec-2012-32)

CVE-2012-5595 Wireshark #4 DoS (infinite loop) in the SCTP dissector (wnpa-sec-2012-33)

CVE-2012-5596 Wireshark #5 DoS (infinite loop) in the EIGRP dissector (wnpa-sec-2012-34)

CVE-2012-5597 Wireshark #6 DoS (crash) in the ISAKMP dissector (wnpa-sec-2012-35)

CVE-2012-5598 Wireshark #7 DoS (infinite loop) in the iSCSI dissector (wnpa-sec-2012-36)

CVE-2012-5599 Wireshark #8 DoS (infinite loop) in the WTP dissector (wnpa-sec-2012-37)

CVE-2012-5600 Wireshark #9 DoS (infinite loop) in the RTCP dissector (wnpa-sec-2012-38)

CVE-2012-5601 Wireshark #10 DoS (infinite loop) in the 3GPP2 A11 dissector (wnpa-sec-2012-39)

CVE-2012-5602 Wireshark #11 DoS (infinite loop) in the ICMPv6 dissector (wnpa-sec-2012-40)

And also the bugfix :

- bnc#780669: change wireshark.spec BuildRequires lua-devel to lua51-devel to fix lua-support in openSUSE 12.2

Solution

Update the affected wireshark packages.

See Also

https://seclists.org/oss-sec/2012/q4/378

https://bugzilla.novell.com/show_bug.cgi?id=780669

https://bugzilla.novell.com/show_bug.cgi?id=792005

https://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html

https://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html

Plugin Details

Severity: Medium

ID: 74838

File Name: openSUSE-2012-844.nasl

Version: 1.7

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:wireshark, p-cpe:/a:novell:opensuse:wireshark-debuginfo, p-cpe:/a:novell:opensuse:wireshark-debugsource, p-cpe:/a:novell:opensuse:wireshark-devel, cpe:/o:novell:opensuse:12.1, cpe:/o:novell:opensuse:12.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 11/30/2012

Reference Information

CVE: CVE-2012-6052, CVE-2012-6053, CVE-2012-6054, CVE-2012-6055, CVE-2012-6056, CVE-2012-6057, CVE-2012-6058, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062