ethereal security problems
Michal Jaegermann
michal at harddata.com
Fri Apr 2 02:54:30 UTC 2004
On Thu, Apr 01, 2004 at 11:56:53AM -0500, John Dalbec wrote:
> Red Hat fixed the security issues in Red Hat Linux 9 by upgrading to 0.10.3.
I looked at this a bit closer. From advisories it follows that
version of ethereal used on "legacy" systems are indeed affected by
the issue. Also problems were indeed fixed by bumping up a version
and not by patching what was used so likely we should do the same.
I attach a spec file and two patches which are "carry-overs" from
the previous version (i.e. parts which make sense). Other sources
listed there come from either ethereal-0.9.16-0.73.2.legacy.src.rpm
_or_ from ethereal-0.10.3-0.90.1.src.rpm.
There is more protocols supported and even if some "leftover" files
from libtool were dropped the whole thing is quite a bit bigger.
It installs and works for me just fine. It was only a light testing
but it captures, saves to a file, loads from a file, filters.
I did that on RH7.3 installation. Most likely this fits 7.2 as
well. How this should be done for RH8 I have no idea. Probably
something similar. Go for it!
> and RPM reports missing files.
Some new files are needed. 'ethereal-gnome' content looks the
same but 'ethereal' ends up with 102 entries on a list.
Michal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ethereal.add.tar.gz
Type: application/x-gzip
Size: 4405 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20040401/45e365ff/attachment.bin>
More information about the fedora-legacy-list
mailing list