openSUSE Security Update : wireshark (openSUSE-SU-2012:1633-1)

Medium Nessus Plugin ID 74838

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 3.6

Synopsis

The remote openSUSE host is missing a security update.

Description

This update fixes the following issues for wireshark :

- Security update to 1.8.4 :

https://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html http://seclists.org/oss-sec/2012/q4/378

CVE-2012-5592 Wireshark #1 pcap-ng hostname disclosure (wnpa-sec-2012-30)

CVE-2012-5593 Wireshark #2 DoS (infinite loop) in the USB dissector (wnpa-sec-2012-31)

CVE-2012-5594 Wireshark #3 DoS (infinite loop) in the sFlow dissector (wnpa-sec-2012-32)

CVE-2012-5595 Wireshark #4 DoS (infinite loop) in the SCTP dissector (wnpa-sec-2012-33)

CVE-2012-5596 Wireshark #5 DoS (infinite loop) in the EIGRP dissector (wnpa-sec-2012-34)

CVE-2012-5597 Wireshark #6 DoS (crash) in the ISAKMP dissector (wnpa-sec-2012-35)

CVE-2012-5598 Wireshark #7 DoS (infinite loop) in the iSCSI dissector (wnpa-sec-2012-36)

CVE-2012-5599 Wireshark #8 DoS (infinite loop) in the WTP dissector (wnpa-sec-2012-37)

CVE-2012-5600 Wireshark #9 DoS (infinite loop) in the RTCP dissector (wnpa-sec-2012-38)

CVE-2012-5601 Wireshark #10 DoS (infinite loop) in the 3GPP2 A11 dissector (wnpa-sec-2012-39)

CVE-2012-5602 Wireshark #11 DoS (infinite loop) in the ICMPv6 dissector (wnpa-sec-2012-40)

And also the bugfix :

- bnc#780669: change wireshark.spec BuildRequires lua-devel to lua51-devel to fix lua-support in openSUSE 12.2

Solution

Update the affected wireshark packages.

See Also

https://seclists.org/oss-sec/2012/q4/378

https://bugzilla.novell.com/show_bug.cgi?id=780669

https://bugzilla.novell.com/show_bug.cgi?id=792005

https://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html

https://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html

Plugin Details

Severity: Medium

ID: 74838

File Name: openSUSE-2012-844.nasl

Version: 1.6

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 3.6

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:wireshark, p-cpe:/a:novell:opensuse:wireshark-debuginfo, p-cpe:/a:novell:opensuse:wireshark-debugsource, p-cpe:/a:novell:opensuse:wireshark-devel, cpe:/o:novell:opensuse:12.1, cpe:/o:novell:opensuse:12.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2012/11/30

Reference Information

CVE: CVE-2012-6052, CVE-2012-6053, CVE-2012-6054, CVE-2012-6055, CVE-2012-6056, CVE-2012-6057, CVE-2012-6058, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062