Mandriva 1273 Published by

Updated ethereal packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: ethereal
Advisory ID: MDKSA-2005:013
Date: January 24th, 2005

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

A number of vulnerabilities were found in Ethereal, all of which are fixed in version 0.10.9: The COPS dissector could go into an infinite loop (CAN-2005-0006); the DLSw dissector could cause an assertion, making Ethereal exit prematurely (CAN-2005-0007); the DNP dissector could cause memory corruption (CAN-2005-0008); the Gnutella dissector could cause an assertion, making Ethereal exit prematurely (CAN-2005-0009); the MMSE dissector could free static memory (CAN-2005-0010); and the X11 protocol dissector is vulnerable to a string buffer overflow (CAN-2005-0084).



_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0084
http://www.ethereal.com/appnotes/enpa-sa-00017.html
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
c74b93a5f05c68eb7845c6d3a05d7ab5 10.0/RPMS/ethereal-0.10.9-0.1.100mdk.i586.rpm
bbdcd41fe80851a0248c8606f0f0ddba 10.0/SRPMS/ethereal-0.10.9-0.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
3ab0b6691827a4d228b2696efda24de1 amd64/10.0/RPMS/ethereal-0.10.9-0.1.100mdk.amd64.rpm
bbdcd41fe80851a0248c8606f0f0ddba amd64/10.0/SRPMS/ethereal-0.10.9-0.1.100mdk.src.rpm

Mandrakelinux 10.1:
72d299832f7340c675f9cf89aaad555f 10.1/RPMS/ethereal-0.10.9-0.1.101mdk.i586.rpm
646de9ee68b10dba30c6f7f0b9989f7d 10.1/RPMS/ethereal-tools-0.10.9-0.1.101mdk.i586.rpm
48cb5ca4befde405416a9aa7c19b5556 10.1/RPMS/libethereal0-0.10.9-0.1.101mdk.i586.rpm
c3d5c5d06f7afd1e23f06f682188c03e 10.1/RPMS/tethereal-0.10.9-0.1.101mdk.i586.rpm
87e639367056153d74db172ebb8ca897 10.1/SRPMS/ethereal-0.10.9-0.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
f8852108acdeb991a2a2c06e225863d9 x86_64/10.1/RPMS/ethereal-0.10.9-0.1.101mdk.x86_64.rpm
3ee69f3876a7741ddeb8a79ac2229fb7 x86_64/10.1/RPMS/ethereal-tools-0.10.9-0.1.101mdk.x86_64.rpm
edb8a0f7523320df5f30db3e872ef139 x86_64/10.1/RPMS/lib64ethereal0-0.10.9-0.1.101mdk.x86_64.rpm
6cf8367b84d5508cdaaa96e59f973ce8 x86_64/10.1/RPMS/tethereal-0.10.9-0.1.101mdk.x86_64.rpm
87e639367056153d74db172ebb8ca897 x86_64/10.1/SRPMS/ethereal-0.10.9-0.1.101mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com