openSUSE Security Update : wireshark (openSUSE-SU-2013:0947-1)

High Nessus Plugin ID 75017

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 3.6

Synopsis

The remote openSUSE host is missing a security update.

Description

This update of wireshark includes several security and bug fixes.
[bnc#820566]

+ vulnerabilities fixed :

- The RELOAD dissector could go into an infinite loop.
wnpa-sec-2013-23 CVE-2013-2486 CVE-2013-2487

- The GTPv2 dissector could crash. wnpa-sec-2013-24

- The ASN.1 BER dissector could crash. wnpa-sec-2013-25

- The PPP CCP dissector could crash. wnpa-sec-2013-26

- The DCP ETSI dissector could crash. wnpa-sec-2013-27

- The MPEG DSM-CC dissector could crash. wnpa-sec-2013-28

- The Websocket dissector could crash. wnpa-sec-2013-29

- The MySQL dissector could go into an infinite loop.
wnpa-sec-2013-30

- The ETCH dissector could go into a large loop.
wnpa-sec-2013-31

+ Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.8.7.
html

Solution

Update the affected wireshark packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=820566

https://lists.opensuse.org/opensuse-updates/2013-05/msg00040.html

https://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html

https://www.wireshark.org/docs/relnotes/wireshark-1.8.7.html

Plugin Details

Severity: High

ID: 75017

File Name: openSUSE-2013-453.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 3.6

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:wireshark, p-cpe:/a:novell:opensuse:wireshark-debuginfo, p-cpe:/a:novell:opensuse:wireshark-debugsource, p-cpe:/a:novell:opensuse:wireshark-devel, cpe:/o:novell:opensuse:12.1, cpe:/o:novell:opensuse:12.2, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2013/05/21

Reference Information

CVE: CVE-2013-2486, CVE-2013-2487