Test ID:	1.3.6.1.4.1.25623.1.0.61330
Category:	Fedora Local Security Checks
Title:	Fedora Core 9 FEDORA-2008-6440 (wireshark)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to wireshark announced via advisory FEDORA-2008-6440. Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. Update Information: Upgrade to upstream 1.0.2 that fixes several security vulnerabilities: http://www.wireshark.org/security/wnpa-sec-2008-03.html http://www.wireshark.org/security/wnpa-sec-2008-04.html References: [ 1 ] Bug #454973 - CVE-2008-3140 wireshark: crash in the syslog dissector https://bugzilla.redhat.com/show_bug.cgi?id=454973 [ 2 ] Bug #454970 - CVE-2008-3137 wireshark: crash in the GSM SMS dissector https://bugzilla.redhat.com/show_bug.cgi?id=454970 [ 3 ] Bug #454984 - CVE-2008-3145 wireshark: crash in the packet reassembling https://bugzilla.redhat.com/show_bug.cgi?id=454984 [ 4 ] Bug #454971 - CVE-2008-3138 wireshark: unexpected exit in the PANA and KISMET dissectors https://bugzilla.redhat.com/show_bug.cgi?id=454971 [ 5 ] Bug #454975 - CVE-2008-3141 wireshark: memory disclosure in the RMI dissector https://bugzilla.redhat.com/show_bug.cgi?id=454975 [ 6 ] Bug #454972 - CVE-2008-3139 wireshark: crash in the RTMPT dissector https://bugzilla.redhat.com/show_bug.cgi?id=454972 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update wireshark' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-6440 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3140 BugTraq ID: 30020 http://www.securityfocus.com/bid/30020 Bugtraq: 20080703 rPSA-2008-0212-1 tshark wireshark (Google Search) http://www.securityfocus.com/archive/1/493882/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html http://security.gentoo.org/glsa/glsa-200808-04.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14700 http://securitytracker.com/id?1020404 http://secunia.com/advisories/30886 http://secunia.com/advisories/30942 http://secunia.com/advisories/31085 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 SuSE Security Announcement: SUSE-SR:2008:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://www.vupen.com/english/advisories/2008/1982/references XForce ISS Database: wireshark-syslog-dos(43518) https://exchange.xforce.ibmcloud.com/vulnerabilities/43518 Common Vulnerability Exposure (CVE) ID: CVE-2008-3137 Debian Security Information: DSA-1673 (Google Search) http://www.debian.org/security/2008/dsa-1673 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10860 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15068 http://www.redhat.com/support/errata/RHSA-2008-0890.html http://secunia.com/advisories/32091 http://secunia.com/advisories/32944 http://www.vupen.com/english/advisories/2008/2773 Common Vulnerability Exposure (CVE) ID: CVE-2008-3145 BugTraq ID: 30181 http://www.securityfocus.com/bid/30181 Bugtraq: 20080729 rPSA-2008-0237-1 tshark wireshark (Google Search) http://www.securityfocus.com/archive/1/494859/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2008:152 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9020 http://securitytracker.com/id?1020471 http://secunia.com/advisories/31044 http://secunia.com/advisories/31257 http://www.vupen.com/english/advisories/2008/2057/references XForce ISS Database: wireshark-packets-dos(43719) https://exchange.xforce.ibmcloud.com/vulnerabilities/43719 Common Vulnerability Exposure (CVE) ID: CVE-2008-3138 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10536 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14898 XForce ISS Database: wireshark-pana-kismet-dos(43519) https://exchange.xforce.ibmcloud.com/vulnerabilities/43519 Common Vulnerability Exposure (CVE) ID: CVE-2008-3141 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11324 XForce ISS Database: wireshark-rmi-information-disclosure(43520) https://exchange.xforce.ibmcloud.com/vulnerabilities/43520 Common Vulnerability Exposure (CVE) ID: CVE-2008-3139 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14682 XForce ISS Database: wireshark-rtmpt-dos(43517) https://exchange.xforce.ibmcloud.com/vulnerabilities/43517
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.