[SECURITY] Fedora Core 2 Update: ethereal-0.10.5-0.2.1

Phil Knirsch pknirsch at redhat.com
Wed Jul 14 15:38:38 UTC 2004

Fedora Update Notification

Product     : Fedora Core 2
Name        : ethereal
Version     : 0.10.5
Release     : 0.2.1
Summary     : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.

Update Information:

  Issues have been discovered in the following protocol dissectors:

     * The iSNS dissector could make Ethereal abort in some cases.
       (0.10.3 - 0.10.4) CAN-2004-0633
     * SMB SID snooping could crash if there was no policy name for a
       handle. (0.9.15 - 0.10.4) CAN-2004-0634
     * The SNMP dissector could crash due to a malformed or missing
       community string. (0.8.15 - 0.10.4) CAN-2004-0635


It may be possible to make Ethereal crash or run arbitrary code by 
injecting a purposefully malformed packet onto the wire or by convincing 
someone to read a malformed packet trace file.


Upgrade to 0.10.5.

If you are running a version prior to 0.10.5 and you cannot upgrade, you 
can disable all of the protocol dissectors listed above by selecting 
Analyze->Enabled Protocols... and deselecting them from the list. For 
SMB, you can alternatively disable SID snooping in the SMB protocol 
preferences. However, it is strongly recommended that you upgrade to

* Fri Jul 09 2004 Phil Knirsch <pknirsch at redhat.com> 0.10.5-0.2.1

- Update to ethereal-0.10.5 for security fixes.

This update can be downloaded from:

1f4254c343bbfa2c2e98d9bb49340a5f  SRPMS/ethereal-0.10.5-0.2.1.src.rpm
c98d1e9da160d1400592b947fe308b10  x86_64/ethereal-0.10.5-0.2.1.x86_64.rpm
9bfbac5d3d743c8ef214724fb95a6356  i386/ethereal-0.10.5-0.2.1.i386.rpm
0b15320109ba9ee5bb1a4b32a7841e39  i386/ethereal-gnome-0.10.5-0.2.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

Philipp Knirsch      | Tel.:  +49-711-96437-470
Development          | Fax.:  +49-711-96437-111
Red Hat GmbH         | Email: Phil Knirsch <phil at redhat.de>
Hauptstaetterstr. 58 | Web:   http://www.redhat.de/
D-70178 Stuttgart
Motd:  You're only jealous cos the little penguins are talking to me.
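
Added example, not part of the original advisory: a small triage helper that maps an installed Ethereal version to the issues listed above, using the affected ranges exactly as the advisory gives them. The function names and the sample version strings are assumptions made for this illustration.

```python
import re
import sys

# (first affected, last affected, identifier, dissector), copied from the advisory
AFFECTED = [
    ("0.10.3", "0.10.4", "CAN-2004-0633", "iSNS"),
    ("0.9.15", "0.10.4", "CAN-2004-0634", "SMB SID snooping"),
    ("0.8.15", "0.10.4", "CAN-2004-0635", "SNMP"),
]
FIXED_IN = "0.10.5"


def parse_version(text):
    """Extract the first dotted version from e.g. '0.10.4' or
    'ethereal-0.10.4-0.2.1' and return it as a tuple of ints."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def applicable_issues(version_text):
    """Return [(identifier, dissector)] for every range containing the version.

    Comparison is numeric per component: as strings, '0.9.15' would sort
    after '0.10.3' and the ranges would be evaluated incorrectly.
    """
    version = parse_version(version_text)
    return [
        (ident, dissector)
        for first, last, ident, dissector in AFFECTED
        if parse_version(first) <= version <= parse_version(last)
    ]


def triage(version_text):
    """Build a short human-readable report for one version string."""
    issues = applicable_issues(version_text)
    if not issues:
        return f"{version_text}: not in any affected range listed in the advisory"
    lines = [f"{version_text}: affected, upgrade to {FIXED_IN}"]
    lines += [f"  {ident}  ({dissector} dissector)" for ident, dissector in issues]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample inputs; pass real version strings as arguments instead.
    for arg in sys.argv[1:] or ["0.10.4", "0.9.16", "ethereal-0.10.5-0.2.1"]:
        print(triage(arg))
```

The check compares upstream version numbers only, as the advisory lists them; it does not inspect the package release field.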
