On Wed, 02 Jul 2003 09:11:11 -0400 Jeremy Portzer <jeremyp@xxxxxxxxx> said: > There was an errata for tcpdump (which is used by ethereal) > https://rhn.redhat.com/errata/RHSA-2003-174.html AFIK tcpdump is not used by ethereal, they share a pcap library that is about it. Try running ethereal then using top and lsof to find any references to tcpdump. I could not find any. And it also runs as root. [~]# /usr/sbin/lsof |grep -i pcap ethereal 3513 root mem REG 3,66 113904 52487 /usr/lib/libpcap.so.0.6.2 > With that errata, tcpdump runs as 'pcap' instead of as root by default. > Does this make those possible problems less dangerous perhaps? > > I agree it looks like they should release an ethereal errata, but Q.A. > takes time. Usually vendors are notified several weeks in advance of > announcing security vulnerabilities so they have time to develop and > Q.A. patches. Do you know if Red Hat was notified in advance of the > announcement? > > --Jeremy > > On Wed, 2003-07-02 at 08:21, vincent wrote: > > last month on June 11th there were a ton of security problems in ethereal > > why has redhat not updated? last update I can find is April 23rd. for > > something else: > > http://ftp.redhat.com/pub/redhat/linux/updates/9/en/os/SRPMS/ > > > > The announcement can be found here. > > http://www.ethereal.com/appnotes/enpa-sa-00010.html > > > > If we're vuln this should have been updated promptly. > -- > /=====================================================================\ > | Jeremy Portzer jeremyp@xxxxxxxxx trilug.org/~jeremy | > | GPG Fingerprint: 712D 77C7 AB2D 2130 989F E135 6F9F F7BC CC1A 7B92 | > \=====================================================================/ >
