Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2014.1221.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2014:1221-1)
Summary:The remote host is missing an update for the 'wireshark' package(s) announced via the SUSE-SU-2014:1221-1 advisory.
Description:Summary:
The remote host is missing an update for the 'wireshark' package(s) announced via the SUSE-SU-2014:1221-1 advisory.

Vulnerability Insight:
The wireshark package was upgraded to 1.10.10 from 1.8.x as 1.8 was discontinued.

This update fixes vulnerabilities that could allow an attacker to crash Wireshark or make it become unresponsive by sending specific packets onto the network or have them loaded via a capture file while the dissectors are running. It also contains a number of other bug fixes.

* RTP dissector crash. (wnpa-sec-2014-12 CVE-2014-6421 CVE-2014-6422)
* MEGACO dissector infinite loop. (wnpa-sec-2014-13 CVE-2014-6423)
* Netflow dissector crash. (wnpa-sec-2014-14 CVE-2014-6424)
* RTSP dissector crash. (wnpa-sec-2014-17 CVE-2014-6427)
* SES dissector crash. (wnpa-sec-2014-18 CVE-2014-6428)
* Sniffer file parser crash. (wnpa-sec-2014-19 CVE-2014-6429
CVE-2014-6430 CVE-2014-6431 CVE-2014-6432)
* The Catapult DCT2000 and IrDA dissectors could underrun a buffer.
(wnpa-sec-2014-08 CVE-2014-5161 CVE-2014-5162, bnc#889901)
* The GSM Management dissector could crash. (wnpa-sec-2014-09
CVE-2014-5163, bnc#889906)
* The RLC dissector could crash. (wnpa-sec-2014-10 CVE-2014-5164,
bnc#889900)
* The ASN.1 BER dissector could crash. (wnpa-sec-2014-11
CVE-2014-5165, bnc#889899)

Further bug fixes as listed in:
[link moved to references] and [link moved to references] .
Security Issues:
* CVE-2014-5161
* CVE-2014-5162
* CVE-2014-5163
* CVE-2014-5164
* CVE-2014-5165
* CVE-2014-6421
* CVE-2014-6422
* CVE-2014-6423
* CVE-2014-6424
* CVE-2014-6427
* CVE-2014-6428
* CVE-2014-6429
* CVE-2014-6430
* CVE-2014-6431
* CVE-2014-6432

Affected Software/OS:
'wireshark' package(s) on SUSE Linux Enterprise Software Development Kit 11 SP3, SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Desktop 11 SP3

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-5161
Debian Security Information: DSA-3002 (Google Search)
http://www.debian.org/security/2014/dsa-3002
http://secunia.com/advisories/57593
SuSE Security Announcement: SUSE-SU-2014:1221 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
SuSE Security Announcement: openSUSE-SU-2014:1038 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-08/msg00025.html
SuSE Security Announcement: openSUSE-SU-2014:1249 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-5162
Common Vulnerability Exposure (CVE) ID: CVE-2014-5163
Common Vulnerability Exposure (CVE) ID: CVE-2014-5164
Common Vulnerability Exposure (CVE) ID: CVE-2014-5165
Common Vulnerability Exposure (CVE) ID: CVE-2014-6421
RedHat Security Advisories: RHSA-2014:1676
http://rhn.redhat.com/errata/RHSA-2014-1676.html
RedHat Security Advisories: RHSA-2014:1677
http://rhn.redhat.com/errata/RHSA-2014-1677.html
http://secunia.com/advisories/60280
http://secunia.com/advisories/61929
http://secunia.com/advisories/61933
Common Vulnerability Exposure (CVE) ID: CVE-2014-6422
Debian Security Information: DSA-3049 (Google Search)
http://www.debian.org/security/2014/dsa-3049
http://secunia.com/advisories/60578
Common Vulnerability Exposure (CVE) ID: CVE-2014-6423
Common Vulnerability Exposure (CVE) ID: CVE-2014-6424
Common Vulnerability Exposure (CVE) ID: CVE-2014-6427
Common Vulnerability Exposure (CVE) ID: CVE-2014-6428
Common Vulnerability Exposure (CVE) ID: CVE-2014-6429
Common Vulnerability Exposure (CVE) ID: CVE-2014-6430
Common Vulnerability Exposure (CVE) ID: CVE-2014-6431
Common Vulnerability Exposure (CVE) ID: CVE-2014-6432
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.