[SECURITY] Fedora Core 1 Update: ethereal-0.10.5-0.1.1

Phil Knirsch pknirsch at redhat.com
Wed Jul 14 15:35:15 UTC 2004

Fedora Update Notification

Product     : Fedora Core 1
Name        : ethereal
Version     : 0.10.5
Release     : 0.1.1
Summary     : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays the base for libpcap, a packet capture and filtering
library, and contains command-line utilities, plugins and
documentation for ethereal. A graphical user interface is packaged
separately in a GTK+ package.

Update Information:

  Issues have been discovered in the following protocol dissectors:

     * The iSNS dissector could make Ethereal abort in some cases.
       (0.10.3 - 0.10.4) CAN-2004-0633
     * SMB SID snooping could crash if there was no policy name for a
       handle. (0.9.15 - 0.10.4) CAN-2004-0634
     * The SNMP dissector could crash due to a malformed or missing
       community string. (0.8.15 - 0.10.4) CAN-2004-0635


It may be possible to make Ethereal crash or run arbitrary code by 
injecting a purposefully malformed packet onto the wire or by convincing 
someone to read a malformed packet trace file.


Upgrade to 0.10.5.

If you are running a version prior to 0.10.5 and you cannot upgrade, you 
can disable all of the protocol dissectors listed above by selecting 
Analyze->Enabled Protocols... and deselecting them from the list. For 
SMB, you can alternatively disable SID snooping in the SMB protocol 
preferences. However, it is strongly recommended that you upgrade to 
* Fri Jul 09 2004 Phil Knirsch <pknirsch at redhat.com> 0.10.5-0.1.1

- Update to ethereal-0.10.5 for various security bugfixes.
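
The affected version ranges listed under Update Information can be checked against an installed version with a short script. This is an added example, not part of the original advisory or of the ethereal project; the function names and the sample version strings are constructed for illustration. Versions are compared numerically per component, because a plain string comparison would sort 0.9.16 after 0.10.4.

```python
"""Added example: map an installed ethereal version to the advisory's issues."""
import re

# (first affected, last affected, identifier, dissector) as listed in the advisory.
ISSUES = [
    ("0.10.3", "0.10.4", "CAN-2004-0633", "iSNS"),
    ("0.9.15", "0.10.4", "CAN-2004-0634", "SMB"),
    ("0.8.15", "0.10.4", "CAN-2004-0635", "SNMP"),
]
FIXED_IN = "0.10.5"


def parse_version(text):
    """Turn '0.10.4' or an RPM-style '0.10.4-1' into a comparable tuple."""
    upstream = text.strip().split("-", 1)[0]  # drop the RPM release suffix
    if not re.fullmatch(r"\d+(\.\d+)*", upstream):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in upstream.split("."))


def affected_issues(installed):
    """Return [(identifier, dissector), ...] that apply to the installed version."""
    version = parse_version(installed)
    return [
        (ident, dissector)
        for first, last, ident, dissector in ISSUES
        if parse_version(first) <= version <= parse_version(last)
    ]


def triage(installed):
    """Summarise what the advisory asks for on this host."""
    hits = affected_issues(installed)
    if not hits:
        return f"{installed}: not in any affected range listed in the advisory"
    names = ", ".join(f"{dissector} ({ident})" for ident, dissector in hits)
    return (f"{installed}: affected by {names}; upgrade to {FIXED_IN}, or "
            f"disable these dissectors until you can")


if __name__ == "__main__":
    # Constructed sample inputs, in the form printed by
    # rpm -q --qf '%{VERSION}-%{RELEASE}\n' ethereal
    for sample in ["0.8.14", "0.9.16-2", "0.10.4-1", "0.10.5-0.1.1"]:
        print(triage(sample))
```
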

This update can be downloaded from:

9751b92c7bdefaaf6745b034c8e3204e  SRPMS/ethereal-0.10.5-0.1.1.src.rpm
34c62134a742a1fce28a37266f0a8e7c  x86_64/ethereal-0.10.5-0.1.1.x86_64.rpm
ecc5eab62824dc34c8de6c4f12a8b8bf  i386/ethereal-0.10.5-0.1.1.i386.rpm
1c5004476fe460260699f713cee0ca3a  i386/ethereal-gnome-0.10.5-0.1.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

Philipp Knirsch      | Tel.:  +49-711-96437-470
Development          | Fax.:  +49-711-96437-111
Red Hat GmbH         | Email: Phil Knirsch <phil at redhat.de>
Hauptstaetterstr. 58 | Web:   http://www.redhat.de/
D-70178 Stuttgart
Motd:  You're only jealous cos the little penguins are talking to me.
