[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[SECURITY] Fedora Core 4 Update: ethereal-0.99.0-fc4.1



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-461
2006-04-26
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : ethereal
Version     : 0.99.0                      
Release     : fc4.1                  
Summary     : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.

---------------------------------------------------------------------
Update Information:

 Many security vulnerabilities have been fixed since the
previous release.

    * The H.248 dissector could crash. Versions affected:
0.10.14.
      CVE: CVE-2006-1937

    * The UMA dissector could go into an infinite loop.
Versions affected: 0.10.12 - 0.10.14.
      CVE: CVE-2006-1933

    * The X.509if dissector could crash. Versions affected:
0.10.14.
      CVE: CVE-2006-1937

    * The SRVLOC dissector could crash. Versions affected:
0.10.0 - 0.10.14.
      CVE: CVE-2006-1937

    * The H.245 dissector could crash. Versions affected:
0.10.13 - 0.10.14.
      CVE: CVE-2006-1937

    * Ethereal's OID printing routine was susceptible to an
off-by-one error. Versions affected: 0.10.14.
      CVE: CVE-2006-1932

    * The COPS dissector could overflow a buffer. Versions
affected: 0.9.15 - 0.10.14.
      CVE: CVE-2006-1935

    * The ALCAP dissector could overflow a buffer. Versions
affected: 0.10.14.
      CVE: CVE-2006-1934 

Under a grant funded by the U.S. Department of Homeland
Security, Coverity has uncovered a number of vulnerabilities
in Ethereal:

    * The statistics counter could crash Ethereal. Versions
affected: 0.10.10 - 0.10.14.
      CVE: CVE-2006-1937

    * Ethereal could crash while reading a malformed Sniffer
capture. Versions affected: 0.8.12 - 0.10.14.
      CVE: CVE-2006-1938

    * An invalid display filter could crash Ethereal.
Versions affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The general packet dissector could crash Ethereal.
Versions affected: 0.10.9 - 0.10.14.
      CVE: CVE-2006-1937

    * The AIM dissector could crash Ethereal. Versions
affected: 0.10.7 - 0.10.14.
      CVE: CVE-2006-1937

    * The RPC dissector could crash Ethereal. Versions
affected: 0.9.8 - 0.10.14.
      CVE: CVE-2006-1939

    * The DCERPC dissector could crash Ethereal. Versions
affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The ASN.1 dissector could crash Ethereal. Versions
affected: 0.9.8 - 0.10.14.
      CVE: CVE-2006-1939

    * The SMB PIPE dissector could crash Ethereal. Versions
affected: 0.8.20 - 0.10.14.
      CVE: CVE-2006-1938

    * The BER dissector could loop excessively. Versions
affected: 0.10.4 - 0.10.14.
      CVE: CVE-2006-1933

    * The SNDCP dissector could abort. Versions affected:
0.10.4 - 0.10.14.
      CVE: CVE-2006-1940

    * The Network Instruments file code could overrun a
buffer. Versions affected: 0.10.0 - 0.10.14.
      CVE: CVE-2006-1934

    * The NetXray/Windows Sniffer file code could overrun a
buffer. Versions affected: 0.10.13 - 0.10.14.
      CVE: CVE-2006-1934

    * The GSM SMS dissector could crash Ethereal. Versions
affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The ALCAP dissector could overrun a buffer. Versions
affected: 0.10.14.
      CVE: CVE-2006-1934

    * The telnet dissector could overrun a buffer. Versions
affected: 0.8.5 - 0.10.14.
      CVE: CVE-2006-1936

    * ASN.1-based dissectors could crash Ethereal. Versions
affected: 0.9.10 - 0.10.14.
      CVE: CVE-2006-1939

    * The H.248 dissector could crash Ethereal. Versions
affected: 0.10.11 - 0.10.14.
      CVE: CVE-2006-1937

    * The DCERPC NT dissector could crash Ethereal. Versions
affected: 0.9.14 - 0.10.14.
      CVE: CVE-2006-1939

    * The PER dissector could crash Ethereal. Versions
affected: 0.9.14 - 0.10.14.
      CVE: CVE-2006-1939
---------------------------------------------------------------------
* Tue Apr 25 2006 Radek Vokál <rvokal redhat com> 0.99.0-fc4.1
- update to 0.99.0
- fix segfault when rearranging columns

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

462f828b3f5708f7a9225952e1b01f3a10c8c28f  SRPMS/ethereal-0.99.0-fc4.1.src.rpm
10af5f56d3be8b24ba3cbd1930f5edfa02fefc4f  ppc/ethereal-0.99.0-fc4.1.ppc.rpm
3c3424e8a2840994ed64e7071096a82567be076a  ppc/ethereal-gnome-0.99.0-fc4.1.ppc.rpm
6ee0df23b23b6b52587d3041b5b8435fcf9b7f18  ppc/debug/ethereal-debuginfo-0.99.0-fc4.1.ppc.rpm
2f9a992da291462ff8496525352b809f0338c2b4  x86_64/ethereal-0.99.0-fc4.1.x86_64.rpm
ba97833a340bb014beb26e6a74b0ed4a4169bc2f  x86_64/ethereal-gnome-0.99.0-fc4.1.x86_64.rpm
8d03f722713ee6e55cefc149af72440733f0d48f  x86_64/debug/ethereal-debuginfo-0.99.0-fc4.1.x86_64.rpm
6a24e66c6d732387713af9f83a6cd01508f2c73f  i386/ethereal-0.99.0-fc4.1.i386.rpm
bf074656cfb1a0bf70264fd27a08ad0cc3602110  i386/ethereal-gnome-0.99.0-fc4.1.i386.rpm
9323b27214f01f1dc34a082ff1c5961773319f9b  i386/debug/ethereal-debuginfo-0.99.0-fc4.1.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]