
Test ID: 1.3.6.1.4.1.25623.1.1.4.2016.0110.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2016:0110-1)
Summary: The remote host is missing an update for the 'wireshark' package(s) announced via the SUSE-SU-2016:0110-1 advisory.
Description:

Vulnerability Insight:
This update contains Wireshark 1.12.9 and fixes the following issues:
* CVE-2015-7830: pcapng file parser could crash while copying an interface
filter (bsc#950437)
* CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in
Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate
conversation data, which allows remote attackers to cause a denial of
service (NULL pointer dereference and application crash) via a crafted
packet.
* CVE-2015-8712: The dissect_hsdsch_channel_info function in
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark
1.12.x before 1.12.9 does not validate the number of PDUs, which allows
remote attackers to cause a denial of service (application crash) via a
crafted packet.
* CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector
in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for
channel ID mappings, which allows remote attackers to cause a denial of
service (out-of-bounds memory access and application crash) via a
crafted packet.
* CVE-2015-8714: The dissect_dcom_OBJREF function in
epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x
before 1.12.9 does not initialize a certain IPv4 data structure, which
allows remote attackers to cause a denial of service (application crash)
via a crafted packet.
* CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector
in Wireshark 1.12.x before 1.12.9 does not check for empty arguments,
which allows remote attackers to cause a denial of service (infinite
loop) via a crafted packet.
* CVE-2015-8716: The init_t38_info_conv function in
epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x
before 1.12.9 does not ensure that a conversation exists, which allows
remote attackers to cause a denial of service (application crash) via a
crafted packet.
* CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c
in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent
use of a negative media count, which allows remote attackers to cause a
denial of service (application crash) via a crafted packet.
* CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c
in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before
2.0.1, when the 'Match MSG/RES packets for async NLM' option is enabled,
allows remote attackers to cause a denial of service (application crash)
via a crafted packet.
* CVE-2015-8719: The dissect_dns_answer function in
epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x
before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows
remote attackers to cause a denial of service (application crash) via a
crafted packet.
* CVE-2015-8720: The dissect_ber_GeneralizedTime function in
epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x
before 1.12.9 and 2... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'wireshark' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Software Development Kit 11-SP3, SUSE Linux Enterprise Server for VMWare 11-SP3, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Desktop 11-SP4, SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-7830
BugTraq ID: 77101
http://www.securityfocus.com/bid/77101
BugTraq ID: 78723
http://www.securityfocus.com/bid/78723
Debian Security Information: DSA-3505
http://www.debian.org/security/2016/dsa-3505
http://www.zerodayinitiative.com/advisories/ZDI-15-624
http://www.securitytracker.com/id/1033953
SuSE Security Announcement: openSUSE-SU-2015:1836
http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8711
BugTraq ID: 79814
http://www.securityfocus.com/bid/79814
https://security.gentoo.org/glsa/201604-05
http://www.securitytracker.com/id/1034551
Common Vulnerability Exposure (CVE) ID: CVE-2015-8712
BugTraq ID: 79816
http://www.securityfocus.com/bid/79816
Common Vulnerability Exposure (CVE) ID: CVE-2015-8713
Common Vulnerability Exposure (CVE) ID: CVE-2015-8714
Common Vulnerability Exposure (CVE) ID: CVE-2015-8715
Common Vulnerability Exposure (CVE) ID: CVE-2015-8716
Common Vulnerability Exposure (CVE) ID: CVE-2015-8717
Common Vulnerability Exposure (CVE) ID: CVE-2015-8718
Common Vulnerability Exposure (CVE) ID: CVE-2015-8719
Common Vulnerability Exposure (CVE) ID: CVE-2015-8720
Common Vulnerability Exposure (CVE) ID: CVE-2015-8721
Common Vulnerability Exposure (CVE) ID: CVE-2015-8722
Common Vulnerability Exposure (CVE) ID: CVE-2015-8723
BugTraq ID: 79382
http://www.securityfocus.com/bid/79382
Common Vulnerability Exposure (CVE) ID: CVE-2015-8724
Common Vulnerability Exposure (CVE) ID: CVE-2015-8725
Common Vulnerability Exposure (CVE) ID: CVE-2015-8726
Common Vulnerability Exposure (CVE) ID: CVE-2015-8727
Common Vulnerability Exposure (CVE) ID: CVE-2015-8728
Common Vulnerability Exposure (CVE) ID: CVE-2015-8729
Common Vulnerability Exposure (CVE) ID: CVE-2015-8730
Common Vulnerability Exposure (CVE) ID: CVE-2015-8731
Debian Security Information: DSA-3516
http://www.debian.org/security/2016/dsa-3516
Common Vulnerability Exposure (CVE) ID: CVE-2015-8732
Common Vulnerability Exposure (CVE) ID: CVE-2015-8733
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.