Gentoo: Etherial multiple vulnerabilities
Summary
----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- - --------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200311-04 - - ---------------------------------------------------------------------------
GLSA: 200311-04 package: net-analyzer/ethereal summary: Security problems in Ethereal 0.9.15 severity: normal Gentoo bug: 32691 date: 2003-11-22 CVE: none exploit: remote affected: <0.9.16 fixed:>=0.9.16
DESCRIPTION:
Quote from <
Potential security issues have been discovered in the following protocol dissectors:
* An improperly formatted GTP MSISDN string could cause a buffer overflow.
* A malformed ISAKMP or MEGACO packet could make Ethereal or Tethereal crash.
* The SOCKS dissector was susceptible to a heap overlfow.
Impact:
It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file.
Resolution:
Upgrade to 0.9.16.
If you are running a version prior to 0.9.16 and you cannot upgrade, you can disable the GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors by selecting Edit->Protocols... and deselecting them from the list.
SOLUTION:
It is recommended that all Gentoo Linux users who are running net-analyzer/ethereal 0.9.x upgrade:
emerge sync emerge '>=net-analyzer/ethereal-0.9.16' emerge clean
- -- Andrea Barisani <lcars@gentoo.org> .*. Gentoo Linux Infrastructure Developer V ( ) GPG-Key 0xC9EE0905 ( ) 491D E9E0 3875 0EC9 10DD 150B CAA9 2C7D C9EE 0905 ^^_^^
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/wi7qyqksfcnuCQURAtzrAJ9aRrV+aALW2vrSlcdgZmKshnS3kACfVz2E IZI8yNOWjMb81RRpK6IY+wE=IPJD -----END PGP SIGNATURE-----
0.9.16