openSUSE Security Update : wireshark (openSUSE-2017-503)

high Nessus Plugin ID 99617

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update to Wireshark 2.2.6 fixes minor vulnerabilities that could be used to trigger a dissector crash or infinite loops by sending specially crafted packages over the network or into a capture file :

- CVE-2017-7700: NetScaler file parser infinite loop (boo#1033936)

- CVE-2017-7701: BGP dissector infinite loop (boo#1033937)

- CVE-2017-7702: WBMXL dissector infinite loop (boo#1033938)

- CVE-2017-7703: IMAP dissector crash (boo#1033939)

- CVE-2017-7704: DOF dissector infinite loop (boo#1033940)

- CVE-2017-7705: RPCoRDMA dissector infinite loop (boo#1033941)

- CVE-2017-7745: SIGCOMP dissector infinite loop (boo#1033942)

- CVE-2017-7746: SLSK dissector long loop (boo#1033943)

- CVE-2017-7747: PacketBB dissector crash (boo#1033944)

- CVE-2017-7748: WSP dissector infinite loop (boo#1033945)

Solution

Update the affected wireshark packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1033936

https://bugzilla.opensuse.org/show_bug.cgi?id=1033937

https://bugzilla.opensuse.org/show_bug.cgi?id=1033938

https://bugzilla.opensuse.org/show_bug.cgi?id=1033939

https://bugzilla.opensuse.org/show_bug.cgi?id=1033940

https://bugzilla.opensuse.org/show_bug.cgi?id=1033941

https://bugzilla.opensuse.org/show_bug.cgi?id=1033942

https://bugzilla.opensuse.org/show_bug.cgi?id=1033943

https://bugzilla.opensuse.org/show_bug.cgi?id=1033944

https://bugzilla.opensuse.org/show_bug.cgi?id=1033945

Plugin Details

Severity: High

ID: 99617

File Name: openSUSE-2017-503.nasl

Version: 3.8

Type: local

Agent: unix

Published: 4/24/2017

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:wireshark-ui-qt, p-cpe:/a:novell:opensuse:wireshark-ui-qt-debuginfo, p-cpe:/a:novell:opensuse:wireshark-debuginfo, p-cpe:/a:novell:opensuse:wireshark-ui-gtk, p-cpe:/a:novell:opensuse:wireshark-devel, cpe:/o:novell:opensuse:42.2, p-cpe:/a:novell:opensuse:wireshark-ui-gtk-debuginfo, p-cpe:/a:novell:opensuse:wireshark, p-cpe:/a:novell:opensuse:wireshark-debugsource

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 4/21/2017

Reference Information

CVE: CVE-2017-7700, CVE-2017-7701, CVE-2017-7702, CVE-2017-7703, CVE-2017-7704, CVE-2017-7705, CVE-2017-7745, CVE-2017-7746, CVE-2017-7747, CVE-2017-7748