-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200311-04 - - --------------------------------------------------------------------------- GLSA: 200311-04 package: net-analyzer/ethereal summary: Security problems in Ethereal 0.9.15 severity: normal Gentoo bug: 32691 date: 2003-11-22 CVE: none exploit: remote affected: <0.9.16 fixed: >=0.9.16 DESCRIPTION: Quote from <http://www.ethereal.com/appnotes/enpa-sa-00011.html>: Potential security issues have been discovered in the following protocol dissectors: * An improperly formatted GTP MSISDN string could cause a buffer overflow. * A malformed ISAKMP or MEGACO packet could make Ethereal or Tethereal crash. * The SOCKS dissector was susceptible to a heap overlfow. Impact: It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. Resolution: Upgrade to 0.9.16. If you are running a version prior to 0.9.16 and you cannot upgrade, you can disable the GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors by selecting Edit->Protocols... and deselecting them from the list. SOLUTION: It is recommended that all Gentoo Linux users who are running net-analyzer/ethereal 0.9.x upgrade: emerge sync emerge '>=net-analyzer/ethereal-0.9.16' emerge clean - -- Andrea Barisani <lcars@gentoo.org> .*. Gentoo Linux Infrastructure Developer V ( ) GPG-Key 0xC9EE0905 http://dev.gentoo.org/~lcars/pubkey.asc ( ) 491D E9E0 3875 0EC9 10DD 150B CAA9 2C7D C9EE 0905 ^^_^^ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/wi7qyqksfcnuCQURAtzrAJ9aRrV+aALW2vrSlcdgZmKshnS3kACfVz2E IZI8yNOWjMb81RRpK6IY+wE= =IPJD -----END PGP SIGNATURE-----
