[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[SECURITY] Fedora Core 2 Update: ethereal-0.10.5-0.2.1

Fedora Update Notification

Product     : Fedora Core 2
Name        : ethereal
Version     : 0.10.5
Release     : 0.2.1
Summary     : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.

Update Information:

Issues have been discovered in the following protocol dissectors:

* The iSNS dissector could make Ethereal abort in some cases. (0.10.3 - 0.10.4) CAN-2004-0633
* SMB SID snooping could crash if there was no policy name for a handle. (0.9.15 - 0.10.4) CAN-2004-0634
* The SNMP dissector could crash due to a malformed or missing community string. (0.8.15 - 0.10.4) CAN-2004-0635


It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.


Upgrade to 0.10.5.

If you are running a version prior to 0.10.5 and you cannot upgrade, you can disable all of the protocol dissectors listed above by selecting Analyze->Enabled Protocols... and deselecting them from the list. For SMB, you can alternatively disable SID snooping in the SMB protocol preferences. However, it is strongly recommended that you upgrade to 0.10.5.
* Fri Jul 09 2004 Phil Knirsch <pknirsch redhat com> 0.10.5-0.2.1

- Update to ethereal-0.10.5 for security fixes.

--------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

1f4254c343bbfa2c2e98d9bb49340a5f SRPMS/ethereal-0.10.5-0.2.1.src.rpm
c98d1e9da160d1400592b947fe308b10 x86_64/ethereal-0.10.5-0.2.1.x86_64.rpm
ab66853ce5a23be083b8adad4dc9f9aa x86_64/ethereal-gnome-0.10.5-0.2.1.x86_64.rpm
ce1e4e540a4e84f96a9dbf7e0956aef5 x86_64/debug/ethereal-debuginfo-0.10.5-0.2.1.x86_64.rpm
9bfbac5d3d743c8ef214724fb95a6356 i386/ethereal-0.10.5-0.2.1.i386.rpm
0b15320109ba9ee5bb1a4b32a7841e39 i386/ethereal-gnome-0.10.5-0.2.1.i386.rpm
ea18577656d29850cc438c9c2d0aec4c i386/debug/ethereal-debuginfo-0.10.5-0.2.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

Philipp Knirsch      | Tel.:  +49-711-96437-470
Development          | Fax.:  +49-711-96437-111
Red Hat GmbH         | Email: Phil Knirsch <phil redhat de>
Hauptstaetterstr. 58 | Web:   http://www.redhat.de/
D-70178 Stuttgart
Motd:  You're only jealous cos the little penguins are talking to me.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]