[FLSA-2006:152922] Updated ethereal packages fix security issues
Posted on: 01/10/2006 11:21 AM
Fedora Legacy Update Advisory
Synopsis: Updated ethereal packages fix security issues
Advisory ID: FLSA:152922
Issue date: 2006-01-09
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CAN-2004-1139, CAN-2004-1140, CVE-2004-1141,
CVE-2004-1142, CVE-2005-0006, CVE-2005-0007,
CVE-2005-0008, CVE-2005-0009, CVE-2005-0010,
CVE-2005-0084, CVE-2005-0699, CVE-2005-0704,
CVE-2005-0705, CVE-2005-0739, CVE-2005-1456,
CVE-2005-1457, CVE-2005-1458, CVE-2005-1459,
CVE-2005-1460, CVE-2005-1461, CVE-2005-1462,
CVE-2005-1463, CVE-2005-1464, CVE-2005-1465,
CVE-2005-1466, CVE-2005-1467, CVE-2005-1468,
CVE-2005-1469, CVE-2005-1470, CVE-2005-2360,
CVE-2005-2361, CVE-2005-2362, CVE-2005-2363,
CVE-2005-2364, CVE-2005-2365, CVE-2005-2366,
CVE-2005-2367, CVE-2005-3241, CVE-2005-3242,
CVE-2005-3243, CVE-2005-3244, CVE-2005-3245,
CVE-2005-3246, CVE-2005-3247, CVE-2005-3248,
CVE-2005-3249, and CVE-2005-3184.
---------------------------------------------------------------------
1. Topic:
Updated Ethereal packages that fix various security vulnerabilities are
now available.
Ethereal is a program for monitoring network traffic.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
3. Problem description:
A number of security flaws have been discovered in Ethereal. On a system
where Ethereal is running, a remote attacker could send malicious
packets to trigger these flaws and cause Ethereal to crash or
potentially execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the following names to
these issues:
CAN-2004-1139, CAN-2004-1140, CVE-2004-1141, CVE-2004-1142,
CVE-2005-0006, CVE-2005-0007, CVE-2005-0008, CVE-2005-0009,
CVE-2005-0010, CVE-2005-0084, CVE-2005-0699, CVE-2005-0704,
CVE-2005-0705, CVE-2005-0739, CVE-2005-1456, CVE-2005-1457,
CVE-2005-1458, CVE-2005-1459, CVE-2005-1460, CVE-2005-1461,
CVE-2005-1462, CVE-2005-1463, CVE-2005-1464, CVE-2005-1465,
CVE-2005-1466, CVE-2005-1467, CVE-2005-1468, CVE-2005-1469,
CVE-2005-1470, CVE-2005-2360, CVE-2005-2361, CVE-2005-2362,
CVE-2005-2363, CVE-2005-2364, CVE-2005-2365, CVE-2005-2366,
CVE-2005-2367, CVE-2005-3241, CVE-2005-3242, CVE-2005-3243,
CVE-2005-3244, CVE-2005-3245, CVE-2005-3246, CVE-2005-3247,
CVE-2005-3248, CVE-2005-3249, and CVE-2005-3184.
Users of Ethereal should upgrade to these updated packages which contain
version 0.10.13 and are not vulnerable to these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit
http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152922
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/ethereal-0.10.13-0.73.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-0.10.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-gnome-0.10.13-0.73.1.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/ethereal-0.10.13-0.90.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-0.10.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-gnome-0.10.13-0.90.1.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/ethereal-0.10.13-1.FC1.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/ethereal-0.10.13-1.FC1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/ethereal-gnome-0.10.13-1.FC1.3.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/ethereal-0.10.13-1.FC2.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/ethereal-0.10.13-1.FC2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/ethereal-gnome-0.10.13-1.FC2.2.legacy.i386.rpm
7. Verification:
SHA1 sum Package Name
---------------------------------------------------------------------
b6ec3227ce109dee158226168c100e726bfc20e3
redhat/7.3/updates/i386/ethereal-0.10.13-0.73.1.legacy.i386.rpm
76bf3ca139e814ced155cab659e2845713baeee8
redhat/7.3/updates/i386/ethereal-gnome-0.10.13-0.73.1.legacy.i386.rpm
27d46417d6c70d7696ce51bb0eda1eca4c09306c
redhat/7.3/updates/SRPMS/ethereal-0.10.13-0.73.1.legacy.src.rpm
f40d4d125f74b5b2320b5f9c07a4dfe3a38b6070
redhat/9/updates/i386/ethereal-0.10.13-0.90.1.legacy.i386.rpm
d2a08d88c8c22d375f36ebcaf480b580244e7b8f
redhat/9/updates/i386/ethereal-gnome-0.10.13-0.90.1.legacy.i386.rpm
51e96ba6f6d6448370fd1d7e88bce2be2561f5b8
redhat/9/updates/SRPMS/ethereal-0.10.13-0.90.1.legacy.src.rpm
1f7a8447e658a08866f8050458c130793684ea72
fedora/1/updates/i386/ethereal-0.10.13-1.FC1.3.legacy.i386.rpm
15198b45cdf68437b14cf37476b4eacb93313547
fedora/1/updates/i386/ethereal-gnome-0.10.13-1.FC1.3.legacy.i386.rpm
7df377ffb3f5267fc65e11adb54882d92135b405
fedora/1/updates/SRPMS/ethereal-0.10.13-1.FC1.3.legacy.src.rpm
f50e59779e38adf3de331c9f1b71f49ddb5dec11
fedora/2/updates/i386/ethereal-0.10.13-1.FC2.2.legacy.i386.rpm
92c6b494330da5f7c6757bec6004d9110786c914
fedora/2/updates/i386/ethereal-gnome-0.10.13-1.FC2.2.legacy.i386.rpm
aa43704fe2deb8aa46b3e61e3884470d9911e1fa
fedora/2/updates/SRPMS/ethereal-0.10.13-1.FC2.2.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is
available from
http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
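The checksum check described above, scripted as an added example (not part of the advisory): it parses the two-line "SHA1 sum / package name" layout of section 7 and compares each digest with the downloaded file of the same name. The function names and the sample file in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical.
# advisory_to_sha1sum: read advisory text on stdin and print
# "digest  filename" lines. A line of exactly 40 lowercase hex digits is
# taken as a digest, and the line after it as the package path it covers.
advisory_to_sha1sum() {
    awk '
        { sub(/[ \t\r]+$/, "") }               # tolerate CRLF / trailing blanks
        length($0) == 40 && $0 !~ /[^0-9a-f]/ { digest = $0; next }
        digest != "" && /\.rpm$/ {
            n = split($0, part, "/")
            printf "%s  %s\n", digest, part[n]
        }
        { digest = "" }
    '
}

# verify_packages ADVISORY DIR: check each listed package that exists in DIR.
# Returns 0 if every checked file matches, 1 on a mismatch, 3 if none checked.
verify_packages() {
    list=$(advisory_to_sha1sum < "$1")
    checked=0; bad=0
    while read -r digest name; do
        [ -f "$2/$name" ] || continue          # not downloaded: skip it
        checked=$((checked + 1))
        actual=$(sha1sum "$2/$name" | cut -d' ' -f1)
        if [ "$actual" = "$digest" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; bad=1
        fi
    done <<EOF
$list
EOF
    [ "$checked" -gt 0 ] || return 3
    return "$bad"
}

# Constructed demo: a stand-in file and a one-entry table in the advisory's layout.
demo() {
    d=$(mktemp -d)
    printf 'constructed sample payload\n' > "$d/sample-1.0.i386.rpm"
    sum=$(sha1sum "$d/sample-1.0.i386.rpm" | cut -d' ' -f1)
    printf 'SHA1 sum Package Name\n%s\nexample/i386/sample-1.0.i386.rpm\n' "$sum" > "$d/advisory.txt"
    verify_packages "$d/advisory.txt" "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

A match shows only that the file agrees with this copy of the advisory; `rpm --checksig -v` is the check that ties a package to the Fedora Legacy GPG key.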
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3184
9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at
http://www.fedoralegacy.org