Fedora Legacy Test Update Notification: ethereal

Marc Deslauriers marcdeslauriers at videotron.ca
Wed Dec 7 04:16:37 UTC 2005 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-152922
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152922
2005-12-06
---------------------------------------------------------------------

Name        : ethereal
Versions    : rh7.3: ethereal-0.10.13-0.73.1.legacy
Versions    : rh9: ethereal-0.10.13-0.90.1.legacy
Versions    : fc1: ethereal-0.10.13-1.FC1.3.legacy
Versions    : fc2: ethereal-0.10.13-1.FC2.2.legacy
Summary     : Network traffic analyzer.
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

---------------------------------------------------------------------
Update Information:

Updated Ethereal packages that fix various security vulnerabilities are
now available.

Ethereal is a program for monitoring network traffic.

A number of security flaws have been discovered in Ethereal. On a system
where Ethereal is running, a remote attacker could send malicious
packets to trigger these flaws and cause Ethereal to crash or
potentially execute arbitrary code.  The Common Vulnerabilities and
Exposures project has assigned the following names to these issues:

CAN-2004-1139, CAN-2004-1140, CVE-2004-1141, CVE-2004-1142,
CVE-2005-0006, CVE-2005-0007, CVE-2005-0008, CVE-2005-0009,
CVE-2005-0010, CVE-2005-0084, CVE-2005-0699, CVE-2005-0704,
CVE-2005-0705, CVE-2005-0739, CVE-2005-1456, CVE-2005-1457,
CVE-2005-1458, CVE-2005-1459, CVE-2005-1460, CVE-2005-1461,
CVE-2005-1462, CVE-2005-1463, CVE-2005-1464, CVE-2005-1465,
CVE-2005-1466, CVE-2005-1467, CVE-2005-1468, CVE-2005-1469,
CVE-2005-1470, CVE-2005-2360, CVE-2005-2361, CVE-2005-2362,
CVE-2005-2363, CVE-2005-2364, CVE-2005-2365, CVE-2005-2366,
CVE-2005-2367, CVE-2005-3241, CVE-2005-3242, CVE-2005-3243,
CVE-2005-3244, CVE-2005-3245, CVE-2005-3246, CVE-2005-3247,
CVE-2005-3248, CVE-2005-3249, and CVE-2005-3184.

Users of Ethereal should upgrade to these updated packages which contain
version 0.10.13 and are not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Tue Nov 22 2005 David Eisenstein <deisenst at gtw.net> 0.10.13-0.73.1.legacy
- Updated to 0.10.13 to fix multiple security issues (Bug #152922)
- Add lines to specfile to package /usr/sbin/{randpkt,capinfos} and
  {_mandir}/man1/capinfos.*

* Mon Mar 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.10-0.73.1.legacy
- Updated to 0.10.10 to fix multiple security issues (FL#2453)

* Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.9-0.73.2.legacy
- Added the evil plugins hack to get plugins built

* Mon Feb 07 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.9-0.73.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Modified configure parameters
- Added gcc patch

rh9:
* Mon Nov 28 2005 David Eisenstein <deisenst at gtw.net> 0.10.13-0.90.1.legacy
- Updated to 0.10.13 to fix multiple security issues (Bug #152922)
- Added ethereal-0.10.6-old.patch from RHEL3 0.10.13 .src.rpm.
- Package /usr/sbin/randpkt
- Add ldconfig commands to post-install and post-uninstall, like RHEL3.

* Mon Mar 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.10-0.90.1.legacy
- Updated to 0.10.10 to fix multiple security issues (FL#2453)

* Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.9-0.90.2.legacy
- Added the evil plugins hack to get plugins built

* Tue Feb 08 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.9-0.90.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Modified configure parameters

fc1:
* Sun Nov 27 2005 David Eisenstein <deisenst at gtw.net> 0.10.13-1.FC1.3.legacy
- Oops.  The hunk I removed from the ethereal-0.10.6-old.patch had *NOT*
  been applied upstream.  Reinstate it.  Sorry 'bout that.

* Tue Nov 08 2005 David Eisenstein <deisenst at gtw.net> 0.10.13-1.FC1.2.legacy
- Add missing /usr/sbin/randpkt to files section so it will build.

* Mon Nov 07 2005 David Eisenstein <deisenst at gtw.net> 0.10.13-1.FC1.1.legacy
- Updated to 0.10.13 to fix multiple security issues (Bug #152922)
- Removed the no-longer-needed ethereal-0.10.8-htmlview.patch
- Added ethereal-0.10.6-old.patch from RHEL3 0.10.13 .src.rpm after remov-
  ing a hunk from it that already had been applied upstream to packet-smb.c

* Mon Mar 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.10-1.FC1.1.legacy
- Updated to 0.10.10 to fix multiple security issues (FL#2453)

* Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.9-1.FC1.2.legacy
- Added the evil plugins hack to get plugins built

* Tue Feb 08 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.9-1.FC1.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Added htmlview patch
- Changed BuildRequires to gtk2

fc2:
* Mon Nov 28 2005 David Eisenstein <deisenst at gtw.net> 0.10.13-1.FC2.2.legacy
- Add autoconf, automake16, libtool BuildRequires.

* Mon Nov 28 2005 David Eisenstein <deisenst at gtw.net> 0.10.13-1.FC2.1.legacy
- Updated to 0.10.13 to fix multiple security issues (Bug #152922)
- Removed the no-longer-needed ethereal-0.10.8-htmlview.patch
- Package /usr/sbin/randpkt

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
b6ec3227ce109dee158226168c100e726bfc20e3
redhat/7.3/updates-testing/i386/ethereal-0.10.13-0.73.1.legacy.i386.rpm
76bf3ca139e814ced155cab659e2845713baeee8
redhat/7.3/updates-testing/i386/ethereal-gnome-0.10.13-0.73.1.legacy.i386.rpm
27d46417d6c70d7696ce51bb0eda1eca4c09306c
redhat/7.3/updates-testing/SRPMS/ethereal-0.10.13-0.73.1.legacy.src.rpm

rh9:
f40d4d125f74b5b2320b5f9c07a4dfe3a38b6070
redhat/9/updates-testing/i386/ethereal-0.10.13-0.90.1.legacy.i386.rpm
d2a08d88c8c22d375f36ebcaf480b580244e7b8f
redhat/9/updates-testing/i386/ethereal-gnome-0.10.13-0.90.1.legacy.i386.rpm
51e96ba6f6d6448370fd1d7e88bce2be2561f5b8
redhat/9/updates-testing/SRPMS/ethereal-0.10.13-0.90.1.legacy.src.rpm

fc1:
1f7a8447e658a08866f8050458c130793684ea72
fedora/1/updates-testing/i386/ethereal-0.10.13-1.FC1.3.legacy.i386.rpm
15198b45cdf68437b14cf37476b4eacb93313547
fedora/1/updates-testing/i386/ethereal-gnome-0.10.13-1.FC1.3.legacy.i386.rpm
7df377ffb3f5267fc65e11adb54882d92135b405
fedora/1/updates-testing/SRPMS/ethereal-0.10.13-1.FC1.3.legacy.src.rpm

fc2:
f50e59779e38adf3de331c9f1b71f49ddb5dec11
fedora/2/updates-testing/i386/ethereal-0.10.13-1.FC2.2.legacy.i386.rpm
92c6b494330da5f7c6757bec6004d9110786c914
fedora/2/updates-testing/i386/ethereal-gnome-0.10.13-1.FC2.2.legacy.i386.rpm
aa43704fe2deb8aa46b3e61e3884470d9911e1fa
fedora/2/updates-testing/SRPMS/ethereal-0.10.13-1.FC2.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20051206/98cdd057/attachment.sig>

More information about the fedora-legacy-list mailing list