Fedora Legacy Test Update Notification: ethereal
Marc Deslauriers
marcdeslauriers at videotron.ca
Thu Mar 24 23:09:33 UTC 2005
---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2453
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2453
2005-03-24
---------------------------------------------------------------------
Name : ethereal
Versions : rh7.3: ethereal-0.10.10-0.73.1.legacy
Versions : rh9: ethereal-0.10.10-0.90.1.legacy
Versions : fc1: ethereal-0.10.10-1.FC1.1.legacy
Summary : Network traffic analyzer.
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.
---------------------------------------------------------------------
Update Information:
Updated Ethereal packages that fix various security vulnerabilities are
now available.
Ethereal is a program for monitoring network traffic.
A number of security flaws have been discovered in Ethereal. On a system
where Ethereal is running, a remote attacker could send malicious
packets to trigger these flaws and cause Ethereal to crash or
potentially execute arbitrary code.
A flaw in the DICOM dissector could cause a crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1139 to this issue.
A invalid RTP timestamp could hang Ethereal and create a large temporary
file, possibly filling available disk space. (CAN-2004-1140)
The HTTP dissector could access previously-freed memory, causing a
crash. (CAN-2004-1141)
An improperly formatted SMB packet could make Ethereal hang, maximizing
CPU utilization. (CAN-2004-1142)
The COPS dissector could go into an infinite loop. (CAN-2005-0006)
The DLSw dissector could cause an assertion, making Ethereal exit
prematurely. (CAN-2005-0007)
The DNP dissector could cause memory corruption. (CAN-2005-0008)
The Gnutella dissector could cause an assertion, making Ethereal exit
prematurely. (CAN-2005-0009)
The MMSE dissector could free static memory, causing a crash.
(CAN-2005-0010)
The X11 protocol dissector is vulnerable to a string buffer overflow.
(CAN-2005-0084)
A buffer overflow flaw was discovered in the Etheric dissector.
(CAN-2005-0704)
The GPRS-LLC dissector could crash if the "ignore cipher bit" option was
set. (CAN-2005-0705)
A buffer overflow flaw was discovered in the 3GPP2 A11 dissector.
(CAN-2005-0699)
A buffer overflow flaw was discovered in the IAPP dissector.
(CAN-2005-0739)
Users of Ethereal should upgrade to these updated packages which contain
version 0.10.10 and are not vulnerable to these issues.
---------------------------------------------------------------------
Changelogs
rh73:
* Mon Mar 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.10-0.73.1.legacy
- Updated to 0.10.10 to fix multiple security issues (FL#2453)
* Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.9-0.73.2.legacy
- Added the evil plugins hack to get plugins built
* Mon Feb 07 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.9-0.73.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Modified configure parameters
- Added gcc patch
rh9:
* Mon Mar 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.10-0.90.1.legacy
- Updated to 0.10.10 to fix multiple security issues (FL#2453)
* Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.9-0.90.2.legacy
- Added the evil plugins hack to get plugins built
* Tue Feb 08 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.9-0.90.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Modified configure parameters
fc1:
* Mon Mar 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.10-1.FC1.1.legacy
- Updated to 0.10.10 to fix multiple security issues (FL#2453)
* Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.9-1.FC1.2.legacy
- Added the evil plugins hack to get plugins built
* Tue Feb 08 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
0.10.9-1.FC1.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Added htmlview patch
- Changed BuildRequires to gtk2
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)
rh7.3:
a17bbe32f066b6962f507321ea02a966fe152d4d
redhat/7.3/updates-testing/i386/ethereal-0.10.10-0.73.1.legacy.i386.rpm
70128930bb30e61b043258dd3939cbeeebd25ee6
redhat/7.3/updates-testing/i386/ethereal-gnome-0.10.10-0.73.1.legacy.i386.rpm
46f6193741ab1ad2a0c14da0e72459c2629ee2d0
redhat/7.3/updates-testing/SRPMS/ethereal-0.10.10-0.73.1.legacy.src.rpm
rh9:
3a8adb662fcf8513dd558c637271a62502558db7
redhat/9/updates-testing/i386/ethereal-0.10.10-0.90.1.legacy.i386.rpm
c99bc9df7a9e872bb423791b762d43050091238a
redhat/9/updates-testing/i386/ethereal-gnome-0.10.10-0.90.1.legacy.i386.rpm
4021715cae9e9a51ef3df402572c60b81ce10702
redhat/9/updates-testing/SRPMS/ethereal-0.10.10-0.90.1.legacy.src.rpm
fc1:
bfa066398f37ed6b363218b79bcd6b23d3ddb7a1
fedora/1/updates-testing/i386/ethereal-0.10.10-1.FC1.1.legacy.i386.rpm
10a18378d280efe1b640a5732bd96621047989f2
fedora/1/updates-testing/i386/ethereal-gnome-0.10.10-1.FC1.1.legacy.i386.rpm
4f7aeac0d63296ebb49a0e83d36a5d985c8c21f9
fedora/1/updates-testing/SRPMS/ethereal-0.10.10-1.FC1.1.legacy.src.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050324/c6550f7d/attachment.sig>
More information about the fedora-legacy-list
mailing list