-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-1840
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1840
2004-09-29
- ---------------------------------------------------------------------

Name        : ethereal
Versions    : 7.3: 0.10.3-0.73.3.legacy, 9: 0.10.3-0.90.4.legacy
Summary     : Ethereal is a network traffic analyzer for Unix-ish
              operating systems.
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.
This package uses libpcap, a packet capture and filtering library, and
contains command-line utilities, plugins and documentation for ethereal.
A GTK+ based graphical user interface is available in a separate
package.

- ---------------------------------------------------------------------
Update Information:

Issues fixed with this Ethereal release include:

Stefan Esser reported that Ethereal versions 0.10.1 and earlier contain
stack overflows in the IGRP, PGM, NetFlow, ISUP, TCAP, or IGAP
dissectors. On a system where Ethereal is being run, a remote attacker
could send malicious packets that could cause Ethereal to crash or
execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0176 to this issue.

Jonathan Heusser discovered that a carefully-crafted RADIUS packet could
cause a crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0365 to this issue.

Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of
service (crash) via a zero-length Presentation protocol selector. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0367 to this issue.

The MMSE dissector in Ethereal releases 0.10.1 through 0.10.3 contained
a buffer overflow flaw.
On a system where Ethereal is running, a remote attacker could send
malicious packets that could cause Ethereal to crash or execute
arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0507 to this issue.

In addition, other flaws in Ethereal prior to 0.10.4 were found that
could cause it to crash in response to carefully crafted SIP
(CAN-2004-0504), AIM (CAN-2004-0505), or SPNEGO (CAN-2004-0506) packets.

The SNMP dissector in Ethereal releases 0.8.15 through 0.10.4 contained
a memory read flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to crash
or possibly execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0635 to
this issue.

The SMB dissector in Ethereal releases 0.9.15 through 0.10.4 contained a
null pointer flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to
crash. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0634 to this issue.

The iSNS dissector in Ethereal releases 0.10.3 through 0.10.4 contained
an integer overflow flaw. On a system where Ethereal is running, a
remote attacker could send malicious packets that could cause Ethereal
to crash or possibly execute arbitrary code. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0633 to this issue.

- ---------------------------------------------------------------------
7.3 changelog:

* Thu Jul 08 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 0.10.3-0.73.3.legacy
- - Included backported security fixes from ethereal-0.10.5
    (CAN-2004-0633, CAN-2004-0634, CAN-2004-0635)

* Thu Jun 10 2004 Jesse Keating <jkeating@xxxxxxxxxxxxxxx> 0.10.3-0.73.2.legacy
- - Missing build-req of python

* Fri Jun 04 2004 Marc Deslauriers <macrdeslauriers@xxxxxxxxxxxx> 0.10.3-0.73.1.legacy
- - Updated to version 0.10.3
- - Included backported security fixes from ethereal-0.10.4

9 changelog:

* Thu Jul 08 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 0.10.3-0.90.4.legacy
- - Included backported security fixes from ethereal-0.10.5
    (CAN-2004-0633, CAN-2004-0634, CAN-2004-0635)

* Thu Jun 10 2004 Jesse Keating <jkeating@xxxxxxxxxxxxxxx> 0.10.3-0.90.3.legacy
- - Added elfutils-devel and python as build-reqs.

* Fri Jun 04 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 0.10.3-0.90.2.legacy
- - Included backported security fixes from ethereal-0.10.4

- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/

(sha1sums)

9dea4bd2d8a8efce8722e7891a8b211ece731645  7.3/updates-testing/i386/ethereal-0.10.3-0.73.3.legacy.i386.rpm
f3defe29af6aceec7df646a0a49d8654823796e1  7.3/updates-testing/i386/ethereal-gnome-0.10.3-0.73.3.legacy.i386.rpm
33c5ea5e2cabcd186aace74b9679a07c950d0d89  7.3/updates-testing/SRPMS/ethereal-0.10.3-0.73.3.legacy.src.rpm
5c8e340c29644e861ebe064158b04420ca447066  9/updates-testing/i386/ethereal-0.10.3-0.90.4.legacy.i386.rpm
beb7b34e7a09b29c32976f7af123c7712f469bc6  9/updates-testing/i386/ethereal-gnome-0.10.3-0.90.4.legacy.i386.rpm
a32b6b54c36c2fe6a29e47080cadbb6ae87c8d6a  9/updates-testing/SRPMS/ethereal-0.10.3-0.90.4.legacy.src.rpm

- ---------------------------------------------------------------------

Please test and comment in bugzilla.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBWoxILMAs/0C4zNoRAnCTAJ41ZdvoxgqFehlZTk4Qm44MBshwQgCeKUsV
sZjXZlAgMnqktd6WjeCmHxE=
=rjH4
-----END PGP SIGNATURE-----

--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
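
The packages above stay at upstream version 0.10.3 while carrying backported fixes, so a check that compares only the upstream version against the affected ranges reports issues the changelog says are fixed. The following is an added example, not part of the advisory or of Fedora Legacy tooling, that evaluates a version-release string against the ranges and changelog entries quoted in this notice. The function names are hypothetical, and it assumes that "fixes from ethereal-0.10.4" covers the four CANs whose stated ranges end before 0.10.4.

```python
import re

# Affected upstream ranges (inclusive) as stated in the advisory text.
# None = no lower bound given. CAN-2004-0365 is omitted: no range is stated.
AFFECTED = {
    "CAN-2004-0176": (None, "0.10.1"),
    "CAN-2004-0367": ("0.8.13", "0.10.2"),
    "CAN-2004-0507": ("0.10.1", "0.10.3"),
    "CAN-2004-0504": (None, "0.10.3"),   # "prior to 0.10.4"
    "CAN-2004-0505": (None, "0.10.3"),
    "CAN-2004-0506": (None, "0.10.3"),
    "CAN-2004-0635": ("0.8.15", "0.10.4"),
    "CAN-2004-0634": ("0.9.15", "0.10.4"),
    "CAN-2004-0633": ("0.10.3", "0.10.4"),
}
# Assumption: the changelog does not name the CANs fixed by the 0.10.4 backport.
FROM_0_10_4 = {"CAN-2004-0504", "CAN-2004-0505", "CAN-2004-0506", "CAN-2004-0507"}
FROM_0_10_5 = {"CAN-2004-0633", "CAN-2004-0634", "CAN-2004-0635"}  # named in changelog
# Release series -> (first build carrying the backport, CANs it fixes),
# taken from the 7.3 and 9 changelogs in this notice.
BACKPORTS = {
    "0.73": [(1, FROM_0_10_4), (3, FROM_0_10_5)],
    "0.90": [(2, FROM_0_10_4), (4, FROM_0_10_5)],
}

def vtuple(version):
    return tuple(int(part) for part in version.split("."))

def upstream_affected(version):
    """CANs whose stated upstream range contains this version (naive check)."""
    v = vtuple(version)
    return {can for can, (lo, hi) in AFFECTED.items()
            if (lo is None or vtuple(lo) <= v) and v <= vtuple(hi)}

def open_issues(version_release):
    """CANs still open for e.g. '0.10.3-0.73.3.legacy', the string printed by
    rpm -q --qf '%{VERSION}-%{RELEASE}\\n' ethereal."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)-(\d+\.\d+)\.(\d+)\.legacy", version_release)
    if not m:
        raise ValueError("not a Fedora Legacy version-release: %r" % version_release)
    version, series, build = m.group(1), m.group(2), int(m.group(3))
    remaining = upstream_affected(version)
    if version == "0.10.3":  # the changelogs record backports for 0.10.3 builds only
        for first_build, fixed in BACKPORTS.get(series, []):
            if build >= first_build:
                remaining -= fixed
    return sorted(remaining)
```
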