Fedora Legacy Test Update Notification: ethereal

Marc Deslauriers marcdeslauriers at videotron.ca
Wed Sep 29 10:20:25 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-1840
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1840
2004-09-29
- ---------------------------------------------------------------------

Name        : ethereal
Versions    : 7.3: 0.10.3-0.73.3.legacy, 9: 0.10.3-0.90.4.legacy
Summary     : Ethereal is a network traffic analyzer for Unix-ish
              operating systems.
Description : 
Ethereal is a network traffic analyzer for Unix-ish operating systems.
 
This package uses libpcap, a packet capture and filtering library, and
contains command-line utilities, plugins and documentation for ethereal.
A GTK+ based graphical user interface is available in a separate
package.

- ---------------------------------------------------------------------
Update Information:

Issues fixed with this Ethereal release include:

Stefan Esser reported that Ethereal versions 0.10.1 and earlier contain
stack overflows in the IGRP, PGM, NetFlow, ISUP, TCAP, or IGAP
dissectors. On a system where Ethereal is being run, a remote attacker
could send malicious packets that could cause Ethereal to crash or
execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0176 to this issue.

Jonathan Heusser discovered that a carefully-crafted RADIUS packet could
cause a crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0365 to this issue.

Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of
service (crash) via a zero-length Presentation protocol selector. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0367 to this issue.

The MMSE dissector in Ethereal releases 0.10.1 through 0.10.3 contained
a buffer overflow flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to crash
or execute arbitrary code. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0507 to this
issue.

In addition, other flaws in Ethereal prior to 0.10.4 were found that
could cause it to crash in response to carefully crafted SIP
(CAN-2004-0504), AIM (CAN-2004-0505), or SPNEGO (CAN-2004-0506) packets.

The SNMP dissector in Ethereal releases 0.8.15 through 0.10.4 contained
a memory read flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to crash
or possibly execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0635 to
this issue.

The SMB dissector in Ethereal releases 0.9.15 through 0.10.4 contained a
null pointer flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to
crash. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0634 to this issue.

The iSNS dissector in Ethereal releases 0.10.3 through 0.10.4 contained
an integer overflow flaw. On a system where Ethereal is running, a
remote attacker could send malicious packets that could cause Ethereal
to crash or possibly execute arbitrary code. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0633 to this issue.

- ---------------------------------------------------------------------
7.3 changelog:
* Thu Jul 08 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 0.10.3-0.73.3.legacy
 
- - Included backported security fixes from ethereal-0.10.5
  (CAN-2004-0633, CAN-2004-0634, CAN-2004-0635)
 
* Thu Jun 10 2004 Jesse Keating <jkeating at j2solutions.net> 0.10.3-0.73.2.legacy
 
- - Missing build-req of python
 
* Fri Jun 04 2004 Marc Deslauriers <macrdeslauriers at videotron.ca> 0.10.3-0.73.1.legacy
 
- - Updated to version 0.10.3
- - Included backported security fixes from ethereal-0.10.4

9 changelog:
* Thu Jul 08 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 0.10.3-0.90.4.legacy
 
- - Included backported security fixes from ethereal-0.10.5
  (CAN-2004-0633, CAN-2004-0634, CAN-2004-0635)
 
* Thu Jun 10 2004 Jesse Keating <jkeating at j2solutions.net> 0.10.3-0.90.3.legacy
 
- - Added elfutils-devel and python as build-reqs.
 
* Fri Jun 04 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 0.10.3-0.90.2.legacy
 
- - Included backported security fixes from ethereal-0.10.4

- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
(sha1sums)

9dea4bd2d8a8efce8722e7891a8b211ece731645
7.3/updates-testing/i386/ethereal-0.10.3-0.73.3.legacy.i386.rpm
f3defe29af6aceec7df646a0a49d8654823796e1
7.3/updates-testing/i386/ethereal-gnome-0.10.3-0.73.3.legacy.i386.rpm
33c5ea5e2cabcd186aace74b9679a07c950d0d89
7.3/updates-testing/SRPMS/ethereal-0.10.3-0.73.3.legacy.src.rpm
5c8e340c29644e861ebe064158b04420ca447066
9/updates-testing/i386/ethereal-0.10.3-0.90.4.legacy.i386.rpm
beb7b34e7a09b29c32976f7af123c7712f469bc6
9/updates-testing/i386/ethereal-gnome-0.10.3-0.90.4.legacy.i386.rpm
a32b6b54c36c2fe6a29e47080cadbb6ae87c8d6a
9/updates-testing/SRPMS/ethereal-0.10.3-0.90.4.legacy.src.rpm

- ---------------------------------------------------------------------

Please test and comment in bugzilla.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBWoxILMAs/0C4zNoRAnCTAJ41ZdvoxgqFehlZTk4Qm44MBshwQgCeKUsV
sZjXZlAgMnqktd6WjeCmHxE=
=rjH4
-----END PGP SIGNATURE-----
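
An added example, not part of the original notification or of Fedora Legacy's tooling: a Python check of downloaded packages against a sha1sums listing laid out as above, with the digest on one line and the path on the next. The function names and the files created in `demo()` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

HEX40 = re.compile(r"[0-9a-fA-F]{40}")

def parse_sha1_pairs(text):
    """Map path -> digest; digest and path may share a line or sit on consecutive lines."""
    pairs, pending = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if HEX40.fullmatch(tokens[0]):
            pending, tokens = tokens[0].lower(), tokens[1:]
            if not tokens:
                continue  # digest alone: the path is expected on the next line
        if pending and tokens[0].endswith(".rpm"):
            pairs[tokens[0]] = pending
        pending = None
    return pairs

def verify(listing, root):
    """Return {path: OK | MISMATCH | MISSING | REJECTED} for files under root."""
    root, results = Path(root).resolve(), {}
    for rel, want in parse_sha1_pairs(listing).items():
        target = (root / rel).resolve()
        if root not in target.parents:  # listed path escapes the download directory
            results[rel] = "REJECTED"
        elif not target.is_file():
            results[rel] = "MISSING"
        else:
            got = hashlib.sha1(target.read_bytes()).hexdigest()
            results[rel] = "OK" if got == want else "MISMATCH"
    return results

def demo():
    """Constructed files and digests only; no real package is involved."""
    with tempfile.TemporaryDirectory() as root:
        pkg_dir = Path(root, "9/updates-testing/i386")
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "good.rpm").write_bytes(b"constructed package bytes")
        (pkg_dir / "bad.rpm").write_bytes(b"altered bytes")
        listing = "\n".join([
            hashlib.sha1(b"constructed package bytes").hexdigest(), "9/updates-testing/i386/good.rpm",
            hashlib.sha1(b"original bytes").hexdigest(), "9/updates-testing/i386/bad.rpm",
            "0" * 40, "9/updates-testing/SRPMS/absent.src.rpm",
            "f" * 40, "../outside.rpm"])
        return verify(listing, root)
```

The digests come from the message body, so check the PGP signature on the notification before relying on the listing.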




