Lucene search
Mageia: Security Advisory (MGASA-2024-0206)
🗓️ 04 Jun 2024 00:00:00Reported by Copyright (C) 2024 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 14 Views
The remote host is missing an update for the 'wireshark' package(s) announced via the MGASA-2024-0206 advisory. Memory handling issue in editcap, MONGO and ZigBee TLV dissector infinite loops, Use after free issue in editcap could cause denial of service via crafted capture file. 'wireshark' package(s) on Mageia 9. Please install the updated package(s)
Show more
| Reporter | Title | Published | Views | Family All 75 |
|---|---|---|---|---|
 | SUSE-SU-2024:2265-1 Security update for wireshark | 2 Jul 202408:14 | – | osv |
| OPENSUSE-SU-2024:13978-1 libwireshark17-4.2.5-1.1 on GA media | 15 Jun 202400:00 | – | osv |
| MGASA-2024-0206 Updated wireshark packages fix security vulnerabilities | 3 Jun 202418:30 | – | osv |
| SUSE-SU-2024:1865-1 Security update for wireshark | 30 May 202412:19 | – | osv |
| CVE-2024-4853 | 14 May 202415:45 | – | osv |
| CVE-2024-4855 | 14 May 202415:45 | – | osv |
| CVE-2024-4854 | 14 May 202415:45 | – | osv |
| DLA-3906-1 wireshark - security update | 30 Sep 202400:00 | – | osv |
 | Updated wireshark packages fix security vulnerabilities | 3 Jun 202421:30 | – | mageia |
 | SUSE SLED15 / SLES15 / openSUSE 15 Security Update : wireshark (SUSE-SU-2024:2265-1) | 3 Jul 202400:00 | – | nessus |
10
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2024.0206");
script_cve_id("CVE-2024-4853", "CVE-2024-4854", "CVE-2024-4855");
script_tag(name:"creation_date", value:"2024-06-04 04:11:12 +0000 (Tue, 04 Jun 2024)");
script_version("2024-06-04T05:05:28+0000");
script_tag(name:"last_modification", value:"2024-06-04 05:05:28 +0000 (Tue, 04 Jun 2024)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_name("Mageia: Security Advisory (MGASA-2024-0206)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA9");
script_xref(name:"Advisory-ID", value:"MGASA-2024-0206");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2024-0206.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=33258");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/[email protected]/message/66H2BSENPSIALF2WIZF7M3QBVWYBMFGW/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'wireshark' package(s) announced via the MGASA-2024-0206 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Memory handling issue in editcap could cause denial of service via
crafted capture file. (CVE-2024-4853)
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to
4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via
packet injection or crafted capture file. (CVE-2024-4854)
Use after free issue in editcap could cause denial of service via
crafted capture file. (CVE-2024-4855)");
script_tag(name:"affected", value:"'wireshark' package(s) on Mageia 9.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA9") {
if(!isnull(res = isrpmvuln(pkg:"dumpcap", rpm:"dumpcap~4.0.15~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64wireshark-devel", rpm:"lib64wireshark-devel~4.0.15~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64wireshark16", rpm:"lib64wireshark16~4.0.15~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64wiretap13", rpm:"lib64wiretap13~4.0.15~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64wsutil14", rpm:"lib64wsutil14~4.0.15~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwireshark-devel", rpm:"libwireshark-devel~4.0.15~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwireshark16", rpm:"libwireshark16~4.0.15~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwiretap13", rpm:"libwiretap13~4.0.15~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwsutil14", rpm:"libwsutil14~4.0.15~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"rawshark", rpm:"rawshark~4.0.15~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tshark", rpm:"tshark~4.0.15~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"wireshark", rpm:"wireshark~4.0.15~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"wireshark-tools", rpm:"wireshark-tools~4.0.15~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo04 Jun 2024 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS36.4
EPSS0.00045
SSVC