[SECURITY] Fedora Core 5 Update: ethereal-0.99.0-fc5.1
Posted on: 04/25/2006 07:12 PM

A new update is available for Fedora Core - [SECURITY] Fedora Core 5 Update: ethereal-0.99.0-fc5.1. Here the announcement:

Fedora Update Notification
FEDORA-2006-456
2006-04-25
---------------------------------------------------------------------

Product : Fedora Core 5
Name : ethereal
Version : 0.99.0
Release : fc5.1
Summary : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.

---------------------------------------------------------------------
Update Information:

Many security vulnerabilities have been fixed since the
previous release.

* The H.248 dissector could crash. Versions affected:
0.10.14.
CVE: CVE-2006-1937

* The UMA dissector could go into an infinite loop.
Versions affected: 0.10.12 - 0.10.14.
CVE: CVE-2006-1933

* The X.509if dissector could crash. Versions affected:
0.10.14.
CVE: CVE-2006-1937

* The SRVLOC dissector could crash. Versions affected:
0.10.0 - 0.10.14.
CVE: CVE-2006-1937

* The H.245 dissector could crash. Versions affected:
0.10.13 - 0.10.14.
CVE: CVE-2006-1937

* Ethereal's OID printing routine was susceptible to an
off-by-one error. Versions affected: 0.10.14.
CVE: CVE-2006-1932

* The COPS dissector could overflow a buffer. Versions
affected: 0.9.15 - 0.10.14.
CVE: CVE-2006-1935

* The ALCAP dissector could overflow a buffer. Versions
affected: 0.10.14.
CVE: CVE-2006-1934

Under a grant funded by the U.S. Department of Homeland
Security, Coverity has uncovered a number of vulnerabilities
in Ethereal:

* The statistics counter could crash Ethereal. Versions
affected: 0.10.10 - 0.10.14.
CVE: CVE-2006-1937

* Ethereal could crash while reading a malformed Sniffer
capture. Versions affected: 0.8.12 - 0.10.14.
CVE: CVE-2006-1938

* An invalid display filter could crash Ethereal.
Versions affected: 0.9.16 - 0.10.14.
CVE: CVE-2006-1939

* The general packet dissector could crash Ethereal.
Versions affected: 0.10.9 - 0.10.14.
CVE: CVE-2006-1937

* The AIM dissector could crash Ethereal. Versions
affected: 0.10.7 - 0.10.14.
CVE: CVE-2006-1937

* The RPC dissector could crash Ethereal. Versions
affected: 0.9.8 - 0.10.14.
CVE: CVE-2006-1939

* The DCERPC dissector could crash Ethereal. Versions
affected: 0.9.16 - 0.10.14.
CVE: CVE-2006-1939

* The ASN.1 dissector could crash Ethereal. Versions
affected: 0.9.8 - 0.10.14.
CVE: CVE-2006-1939

* The SMB PIPE dissector could crash Ethereal. Versions
affected: 0.8.20 - 0.10.14.
CVE: CVE-2006-1938

* The BER dissector could loop excessively. Versions
affected: 0.10.4 - 0.10.14.
CVE: CVE-2006-1933

* The SNDCP dissector could abort. Versions affected:
0.10.4 - 0.10.14.
CVE: CVE-2006-1940

* The Network Instruments file code could overrun a
buffer. Versions affected: 0.10.0 - 0.10.14.
CVE: CVE-2006-1934

* The NetXray/Windows Sniffer file code could overrun a
buffer. Versions affected: 0.10.13 - 0.10.14.
CVE: CVE-2006-1934

* The GSM SMS dissector could crash Ethereal. Versions
affected: 0.9.16 - 0.10.14.
CVE: CVE-2006-1939

* The ALCAP dissector could overrun a buffer. Versions
affected: 0.10.14.
CVE: CVE-2006-1934

* The telnet dissector could overrun a buffer. Versions
affected: 0.8.5 - 0.10.14.
CVE: CVE-2006-1936

* ASN.1-based dissectors could crash Ethereal. Versions
affected: 0.9.10 - 0.10.14.
CVE: CVE-2006-1939

* The H.248 dissector could crash Ethereal. Versions
affected: 0.10.11 - 0.10.14.
CVE: CVE-2006-1937

* The DCERPC NT dissector could crash Ethereal. Versions
affected: 0.9.14 - 0.10.14.
CVE: CVE-2006-1939

* The PER dissector could crash Ethereal. Versions
affected: 0.9.14 - 0.10.14.
CVE: CVE-2006-1939
---------------------------------------------------------------------
* Tue Apr 25 2006 Radek Vokál lt;rvokal@redhat.comgt; 0.99.0-fc5.1
- update to 0.99.0
* Tue Apr 25 2006 Radek Vokál lt;rvokal@redhat.comgt; 0.10.14-4
- fix crash when tuning columns (#189428)

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

db2d1fa4854b097f2d5443b477219e2d07ab9242 SRPMS/ethereal-0.99.0-fc5.1.src.rpm
2a4443475f30970021161e5783fad691a3ca735c ppc/ethereal-0.99.0-fc5.1.ppc.rpm
52d37a0046435d710470ec8b82365b9a7f11adb4 ppc/ethereal-gnome-0.99.0-fc5.1.ppc.rpm
b4fc06d09f40a9a2e860260985b08d3293f0923a ppc/debug/ethereal-debuginfo-0.99.0-fc5.1.ppc.rpm
97b4d5d2d9102f738756941f8c11cbc0a297c10b x86_64/ethereal-0.99.0-fc5.1.x86_64.rpm
f18308798b547d5ebdd6343b5e721f451462db1c x86_64/ethereal-gnome-0.99.0-fc5.1.x86_64.rpm
289851bf8d2942a39bead770bda76b983606dbcc x86_64/debug/ethereal-debuginfo-0.99.0-fc5.1.x86_64.rpm
558e4618167c0667502d032fc60389199511e692 i386/ethereal-0.99.0-fc5.1.i386.rpm
b0c8f0082befdfb6ecf8acdf5af575b30ad9b1de i386/ethereal-gnome-0.99.0-fc5.1.i386.rpm
1c5dc98172f23708dd31e3dfaea056e45237e528 i386/debug/ethereal-debuginfo-0.99.0-fc5.1.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_fedora_core_5_update_ethereal_0990_fc51.html)