Fedora Legacy Test Update Notification: ethereal

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Feb 24 03:57:17 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2407
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2407
2005-02-23
---------------------------------------------------------------------

Name        : ethereal
Versions    : rh7.3: ethereal-0.10.9-0.73.2.legacy
Versions    : rh9: ethereal-0.10.9-0.90.2.legacy
Versions    : fc1: ethereal-0.10.9-1.FC1.2.legacy
Summary     : Network traffic analyzer.
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

---------------------------------------------------------------------
Update Information:

Updated Ethereal packages that fix various security vulnerabilities are
now available.

Ethereal is a program for monitoring network traffic.

A number of security flaws have been discovered in Ethereal. On a system
where Ethereal is running, a remote attacker could send malicious
packets to trigger these flaws.

A flaw in the DICOM dissector could cause a crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1139 to this issue.

An invalid RTP timestamp could hang Ethereal and create a large temporary
file, possibly filling available disk space. (CAN-2004-1140)

The HTTP dissector could access previously-freed memory, causing a
crash. (CAN-2004-1141)

An improperly formatted SMB packet could make Ethereal hang, maximizing
CPU utilization. (CAN-2004-1142)

The COPS dissector could go into an infinite loop. (CAN-2005-0006)

The DLSw dissector could cause an assertion, making Ethereal exit
prematurely. (CAN-2005-0007)

The DNP dissector could cause memory corruption. (CAN-2005-0008)

The Gnutella dissector could cause an assertion, making Ethereal exit
prematurely. (CAN-2005-0009)

The MMSE dissector could free static memory, causing a crash.
(CAN-2005-0010)

The X11 protocol dissector is vulnerable to a string buffer overflow.
(CAN-2005-0084)

Users of Ethereal should upgrade to these updated packages, which contain
version 0.10.9, which is not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 0.10.9-0.73.2.legacy
- Added the evil plugins hack to get plugins built

* Mon Feb 07 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 0.10.9-0.73.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Modified configure parameters
- Added gcc patch

rh9:
* Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 0.10.9-0.90.2.legacy
- Added the evil plugins hack to get plugins built

* Tue Feb 08 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 0.10.9-0.90.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Modified configure parameters

fc1:
* Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 0.10.9-1.FC1.2.legacy
- Added the evil plugins hack to get plugins built

* Tue Feb 08 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 0.10.9-1.FC1.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Added htmlview patch
- Changed BuildRequires to gtk2

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/

---------------------------------------------------------------------

Please test and comment in bugzilla.