Fedora Legacy Test Update Notification: ethereal

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Mar 24 23:09:33 UTC 2005 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2453
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2453
2005-03-24
---------------------------------------------------------------------

Name        : ethereal
Versions    : rh7.3: ethereal-0.10.10-0.73.1.legacy
Versions    : rh9: ethereal-0.10.10-0.90.1.legacy
Versions    : fc1: ethereal-0.10.10-1.FC1.1.legacy
Summary     : Network traffic analyzer.
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

---------------------------------------------------------------------
Update Information:

Updated Ethereal packages that fix various security vulnerabilities are
now available.

Ethereal is a program for monitoring network traffic.

A number of security flaws have been discovered in Ethereal. On a system
where Ethereal is running, a remote attacker could send malicious
packets to trigger these flaws and cause Ethereal to crash or
potentially execute arbitrary code.

A flaw in the DICOM dissector could cause a crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1139 to this issue.

A invalid RTP timestamp could hang Ethereal and create a large temporary
file, possibly filling available disk space. (CAN-2004-1140)

The HTTP dissector could access previously-freed memory, causing a
crash. (CAN-2004-1141)

An improperly formatted SMB packet could make Ethereal hang, maximizing
CPU utilization. (CAN-2004-1142)

The COPS dissector could go into an infinite loop. (CAN-2005-0006)

The DLSw dissector could cause an assertion, making Ethereal exit
prematurely. (CAN-2005-0007)

The DNP dissector could cause memory corruption. (CAN-2005-0008)

The Gnutella dissector could cause an assertion, making Ethereal exit
prematurely. (CAN-2005-0009)

The MMSE dissector could free static memory, causing a crash.
(CAN-2005-0010)

The X11 protocol dissector is vulnerable to a string buffer overflow.
(CAN-2005-0084)

A buffer overflow flaw was discovered in the Etheric dissector.
(CAN-2005-0704)

The GPRS-LLC dissector could crash if the "ignore cipher bit" option was
set. (CAN-2005-0705)

A buffer overflow flaw was discovered in the 3GPP2 A11 dissector.
(CAN-2005-0699)

A buffer overflow flaw was discovered in the IAPP dissector.
(CAN-2005-0739)

Users of Ethereal should upgrade to these updated packages which contain
version 0.10.10 and are not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Mon Mar 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
0.10.10-0.73.1.legacy
- Updated to 0.10.10 to fix multiple security issues (FL#2453)

* Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
0.10.9-0.73.2.legacy
- Added the evil plugins hack to get plugins built

* Mon Feb 07 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
0.10.9-0.73.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Modified configure parameters
- Added gcc patch

rh9:
* Mon Mar 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
0.10.10-0.90.1.legacy
- Updated to 0.10.10 to fix multiple security issues (FL#2453)

* Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
0.10.9-0.90.2.legacy
- Added the evil plugins hack to get plugins built

* Tue Feb 08 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
0.10.9-0.90.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Modified configure parameters

fc1:
* Mon Mar 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
0.10.10-1.FC1.1.legacy
- Updated to 0.10.10 to fix multiple security issues (FL#2453)

* Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
0.10.9-1.FC1.2.legacy
- Added the evil plugins hack to get plugins built

* Tue Feb 08 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
0.10.9-1.FC1.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Added htmlview patch
- Changed BuildRequires to gtk2

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
a17bbe32f066b6962f507321ea02a966fe152d4d 
redhat/7.3/updates-testing/i386/ethereal-0.10.10-0.73.1.legacy.i386.rpm
70128930bb30e61b043258dd3939cbeeebd25ee6 
redhat/7.3/updates-testing/i386/ethereal-gnome-0.10.10-0.73.1.legacy.i386.rpm
46f6193741ab1ad2a0c14da0e72459c2629ee2d0 
redhat/7.3/updates-testing/SRPMS/ethereal-0.10.10-0.73.1.legacy.src.rpm

rh9:
3a8adb662fcf8513dd558c637271a62502558db7 
redhat/9/updates-testing/i386/ethereal-0.10.10-0.90.1.legacy.i386.rpm
c99bc9df7a9e872bb423791b762d43050091238a 
redhat/9/updates-testing/i386/ethereal-gnome-0.10.10-0.90.1.legacy.i386.rpm
4021715cae9e9a51ef3df402572c60b81ce10702 
redhat/9/updates-testing/SRPMS/ethereal-0.10.10-0.90.1.legacy.src.rpm

fc1:
bfa066398f37ed6b363218b79bcd6b23d3ddb7a1 
fedora/1/updates-testing/i386/ethereal-0.10.10-1.FC1.1.legacy.i386.rpm
10a18378d280efe1b640a5732bd96621047989f2 
fedora/1/updates-testing/i386/ethereal-gnome-0.10.10-1.FC1.1.legacy.i386.rpm
4f7aeac0d63296ebb49a0e83d36a5d985c8c21f9 
fedora/1/updates-testing/SRPMS/ethereal-0.10.10-1.FC1.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050324/c6550f7d/attachment.sig>

More information about the fedora-legacy-list mailing list