Fedora Linux 8779 Published by

A new update is available for Fedora Core - [SECURITY] Fedora Core 4 Update: ethereal-0.99.0-fc4.1. Here the announcement:



Fedora Update Notification
FEDORA-2006-461
2006-04-26
---------------------------------------------------------------------

Product : Fedora Core 4
Name : ethereal
Version : 0.99.0
Release : fc4.1
Summary : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.

---------------------------------------------------------------------
Update Information:

Many security vulnerabilities have been fixed since the
previous release.

* The H.248 dissector could crash. Versions affected:
0.10.14.
CVE: CVE-2006-1937

* The UMA dissector could go into an infinite loop.
Versions affected: 0.10.12 - 0.10.14.
CVE: CVE-2006-1933

* The X.509if dissector could crash. Versions affected:
0.10.14.
CVE: CVE-2006-1937

* The SRVLOC dissector could crash. Versions affected:
0.10.0 - 0.10.14.
CVE: CVE-2006-1937

* The H.245 dissector could crash. Versions affected:
0.10.13 - 0.10.14.
CVE: CVE-2006-1937

* Ethereal's OID printing routine was susceptible to an
off-by-one error. Versions affected: 0.10.14.
CVE: CVE-2006-1932

* The COPS dissector could overflow a buffer. Versions
affected: 0.9.15 - 0.10.14.
CVE: CVE-2006-1935

* The ALCAP dissector could overflow a buffer. Versions
affected: 0.10.14.
CVE: CVE-2006-1934

Under a grant funded by the U.S. Department of Homeland
Security, Coverity has uncovered a number of vulnerabilities
in Ethereal:

* The statistics counter could crash Ethereal. Versions
affected: 0.10.10 - 0.10.14.
CVE: CVE-2006-1937

* Ethereal could crash while reading a malformed Sniffer
capture. Versions affected: 0.8.12 - 0.10.14.
CVE: CVE-2006-1938

* An invalid display filter could crash Ethereal.
Versions affected: 0.9.16 - 0.10.14.
CVE: CVE-2006-1939

* The general packet dissector could crash Ethereal.
Versions affected: 0.10.9 - 0.10.14.
CVE: CVE-2006-1937

* The AIM dissector could crash Ethereal. Versions
affected: 0.10.7 - 0.10.14.
CVE: CVE-2006-1937

* The RPC dissector could crash Ethereal. Versions
affected: 0.9.8 - 0.10.14.
CVE: CVE-2006-1939

* The DCERPC dissector could crash Ethereal. Versions
affected: 0.9.16 - 0.10.14.
CVE: CVE-2006-1939

* The ASN.1 dissector could crash Ethereal. Versions
affected: 0.9.8 - 0.10.14.
CVE: CVE-2006-1939

* The SMB PIPE dissector could crash Ethereal. Versions
affected: 0.8.20 - 0.10.14.
CVE: CVE-2006-1938

* The BER dissector could loop excessively. Versions
affected: 0.10.4 - 0.10.14.
CVE: CVE-2006-1933

* The SNDCP dissector could abort. Versions affected:
0.10.4 - 0.10.14.
CVE: CVE-2006-1940

* The Network Instruments file code could overrun a
buffer. Versions affected: 0.10.0 - 0.10.14.
CVE: CVE-2006-1934

* The NetXray/Windows Sniffer file code could overrun a
buffer. Versions affected: 0.10.13 - 0.10.14.
CVE: CVE-2006-1934

* The GSM SMS dissector could crash Ethereal. Versions
affected: 0.9.16 - 0.10.14.
CVE: CVE-2006-1939

* The ALCAP dissector could overrun a buffer. Versions
affected: 0.10.14.
CVE: CVE-2006-1934

* The telnet dissector could overrun a buffer. Versions
affected: 0.8.5 - 0.10.14.
CVE: CVE-2006-1936

* ASN.1-based dissectors could crash Ethereal. Versions
affected: 0.9.10 - 0.10.14.
CVE: CVE-2006-1939

* The H.248 dissector could crash Ethereal. Versions
affected: 0.10.11 - 0.10.14.
CVE: CVE-2006-1937

* The DCERPC NT dissector could crash Ethereal. Versions
affected: 0.9.14 - 0.10.14.
CVE: CVE-2006-1939

* The PER dissector could crash Ethereal. Versions
affected: 0.9.14 - 0.10.14.
CVE: CVE-2006-1939
---------------------------------------------------------------------
* Tue Apr 25 2006 Radek Vokál <rvokal@redhat.com> 0.99.0-fc4.1
- update to 0.99.0
- fix segfault when rearranging columns

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

462f828b3f5708f7a9225952e1b01f3a10c8c28f SRPMS/ethereal-0.99.0-fc4.1.src.rpm
10af5f56d3be8b24ba3cbd1930f5edfa02fefc4f ppc/ethereal-0.99.0-fc4.1.ppc.rpm
3c3424e8a2840994ed64e7071096a82567be076a ppc/ethereal-gnome-0.99.0-fc4.1.ppc.rpm
6ee0df23b23b6b52587d3041b5b8435fcf9b7f18 ppc/debug/ethereal-debuginfo-0.99.0-fc4.1.ppc.rpm
2f9a992da291462ff8496525352b809f0338c2b4 x86_64/ethereal-0.99.0-fc4.1.x86_64.rpm
ba97833a340bb014beb26e6a74b0ed4a4169bc2f x86_64/ethereal-gnome-0.99.0-fc4.1.x86_64.rpm
8d03f722713ee6e55cefc149af72440733f0d48f x86_64/debug/ethereal-debuginfo-0.99.0-fc4.1.x86_64.rpm
6a24e66c6d732387713af9f83a6cd01508f2c73f i386/ethereal-0.99.0-fc4.1.i386.rpm
bf074656cfb1a0bf70264fd27a08ad0cc3602110 i386/ethereal-gnome-0.99.0-fc4.1.i386.rpm
9323b27214f01f1dc34a082ff1c5961773319f9b i386/debug/ethereal-debuginfo-0.99.0-fc4.1.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list