LinuxSecurity.com 		Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
Is Mandatory Access Control Too Much Security For Enterprise's Linux?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
Emily Ratliff: OS Security
DanWalsh LiveJournal
Security Bloggers Network
Latest Newsletters
Linux Advisory Watch: August 29th, 2008
Linux Security Week: August 25th, 2008
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora Core 5 Update: ethereal-0.99.0-fc5.1 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora Many security vulnerabilities have been fixed since the previous release. * The H.248 dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937 * The UMA dissector could go into an infinite loop. Versions affected: 0.10.12 - 0.10.14. CVE: CVE-2006-1933 * The X.509if dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937 * The SRVLOC dissector could crash. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1937 * The H.245 dissector could crash. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1937 * Ethereal's OID printing routine was susceptible to an off-by-one error. Versions affected: 0.10.14. CVE: CVE-2006-1932 * The COPS dissector could overflow a buffer. Versions affected: 0.9.15 - 0.10.14. CVE: CVE-2006-1935 * The ALCAP dissector could overflow a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934 Under a grant funded by the U.S. Department of Homeland Security, Coverity has uncovered a number of vulnerabilities in Ethereal: * The statistics counter could crash Ethereal. Versions affected: 0.10.10 - 0.10.14. CVE: CVE-2006-1937 * Ethereal could crash while reading a malformed Sniffer capture. Versions affected: 0.8.12 - 0.10.14. CVE: CVE-2006-1938 * An invalid display filter could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939 * The general packet dissector could crash Ethereal. Versions affected: 0.10.9 - 0.10.14. CVE: CVE-2006-1937 * The AIM dissector could crash Ethereal. Versions affected: 0.10.7 - 0.10.14. CVE: CVE-2006-1937 * The RPC dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE: CVE-2006-1939 * The DCERPC dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939 * The ASN.1 dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE: CVE-2006-1939 * The SMB PIPE dissector could crash Ethereal. Versions affected: 0.8.20 - 0.10.14. CVE: CVE-2006-1938 * The BER dissector could loop excessively. Versions affected: 0.10.4 - 0.10.14. CVE: CVE-2006-1933 * The SNDCP dissector could abort. Versions affected: 0.10.4 - 0.10.14. CVE: CVE-2006-1940 * The Network Instruments file code could overrun a buffer. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1934 * The NetXray/Windows Sniffer file code could overrun a buffer. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1934 * The GSM SMS dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939 * The ALCAP dissector could overrun a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934 * The telnet dissector could overrun a buffer. Versions affected: 0.8.5 - 0.10.14. CVE: CVE-2006-1936 * ASN.1-based dissectors could crash Ethereal. Versions affected: 0.9.10 - 0.10.14. CVE: CVE-2006-1939 * The H.248 dissector could crash Ethereal. Versions affected: 0.10.11 - 0.10.14. CVE: CVE-2006-1937 * The DCERPC NT dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939 * The PER dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939 
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-456
2006-04-25
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : ethereal
Version     : 0.99.0                      
Release     : fc5.1                  
Summary     : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.

---------------------------------------------------------------------
Update Information:

 Many security vulnerabilities have been fixed since the
previous release.

    * The H.248 dissector could crash. Versions affected:
0.10.14.
      CVE: CVE-2006-1937

    * The UMA dissector could go into an infinite loop.
Versions affected: 0.10.12 - 0.10.14.
      CVE: CVE-2006-1933

    * The X.509if dissector could crash. Versions affected:
0.10.14.
      CVE: CVE-2006-1937

    * The SRVLOC dissector could crash. Versions affected:
0.10.0 - 0.10.14.
      CVE: CVE-2006-1937

    * The H.245 dissector could crash. Versions affected:
0.10.13 - 0.10.14.
      CVE: CVE-2006-1937

    * Ethereal's OID printing routine was susceptible to an
off-by-one error. Versions affected: 0.10.14.
      CVE: CVE-2006-1932

    * The COPS dissector could overflow a buffer. Versions
affected: 0.9.15 - 0.10.14.
      CVE: CVE-2006-1935

    * The ALCAP dissector could overflow a buffer. Versions
affected: 0.10.14.
      CVE: CVE-2006-1934 

Under a grant funded by the U.S. Department of Homeland
Security, Coverity has uncovered a number of vulnerabilities
in Ethereal:

    * The statistics counter could crash Ethereal. Versions
affected: 0.10.10 - 0.10.14.
      CVE: CVE-2006-1937

    * Ethereal could crash while reading a malformed Sniffer
capture. Versions affected: 0.8.12 - 0.10.14.
      CVE: CVE-2006-1938

    * An invalid display filter could crash Ethereal.
Versions affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The general packet dissector could crash Ethereal.
Versions affected: 0.10.9 - 0.10.14.
      CVE: CVE-2006-1937

    * The AIM dissector could crash Ethereal. Versions
affected: 0.10.7 - 0.10.14.
      CVE: CVE-2006-1937

    * The RPC dissector could crash Ethereal. Versions
affected: 0.9.8 - 0.10.14.
      CVE: CVE-2006-1939

    * The DCERPC dissector could crash Ethereal. Versions
affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The ASN.1 dissector could crash Ethereal. Versions
affected: 0.9.8 - 0.10.14.
      CVE: CVE-2006-1939

    * The SMB PIPE dissector could crash Ethereal. Versions
affected: 0.8.20 - 0.10.14.
      CVE: CVE-2006-1938

    * The BER dissector could loop excessively. Versions
affected: 0.10.4 - 0.10.14.
      CVE: CVE-2006-1933

    * The SNDCP dissector could abort. Versions affected:
0.10.4 - 0.10.14.
      CVE: CVE-2006-1940

    * The Network Instruments file code could overrun a
buffer. Versions affected: 0.10.0 - 0.10.14.
      CVE: CVE-2006-1934

    * The NetXray/Windows Sniffer file code could overrun a
buffer. Versions affected: 0.10.13 - 0.10.14.
      CVE: CVE-2006-1934

    * The GSM SMS dissector could crash Ethereal. Versions
affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The ALCAP dissector could overrun a buffer. Versions
affected: 0.10.14.
      CVE: CVE-2006-1934

    * The telnet dissector could overrun a buffer. Versions
affected: 0.8.5 - 0.10.14.
      CVE: CVE-2006-1936

    * ASN.1-based dissectors could crash Ethereal. Versions
affected: 0.9.10 - 0.10.14.
      CVE: CVE-2006-1939

    * The H.248 dissector could crash Ethereal. Versions
affected: 0.10.11 - 0.10.14.
      CVE: CVE-2006-1937

    * The DCERPC NT dissector could crash Ethereal. Versions
affected: 0.9.14 - 0.10.14.
      CVE: CVE-2006-1939

    * The PER dissector could crash Ethereal. Versions
affected: 0.9.14 - 0.10.14.
      CVE: CVE-2006-1939
---------------------------------------------------------------------
* Tue Apr 25 2006 Radek Vokál  0.99.0-fc5.1
- update to 0.99.0
* Tue Apr 25 2006 Radek Vokál  0.10.14-4
- fix crash when tuning columns (#189428)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

db2d1fa4854b097f2d5443b477219e2d07ab9242  SRPMS/ethereal-0.99.0-fc5.1.src.rpm
2a4443475f30970021161e5783fad691a3ca735c  ppc/ethereal-0.99.0-fc5.1.ppc.rpm
52d37a0046435d710470ec8b82365b9a7f11adb4  ppc/ethereal-gnome-0.99.0-fc5.1.ppc.rpm
b4fc06d09f40a9a2e860260985b08d3293f0923a  ppc/debug/ethereal-debuginfo-0.99.0-fc5.1.ppc.rpm
97b4d5d2d9102f738756941f8c11cbc0a297c10b  x86_64/ethereal-0.99.0-fc5.1.x86_64.rpm
f18308798b547d5ebdd6343b5e721f451462db1c  x86_64/ethereal-gnome-0.99.0-fc5.1.x86_64.rpm
289851bf8d2942a39bead770bda76b983606dbcc  x86_64/debug/ethereal-debuginfo-0.99.0-fc5.1.x86_64.rpm
558e4618167c0667502d032fc60389199511e692  i386/ethereal-0.99.0-fc5.1.i386.rpm
b0c8f0082befdfb6ecf8acdf5af575b30ad9b1de  i386/ethereal-gnome-0.99.0-fc5.1.i386.rpm
1c5dc98172f23708dd31e3dfaea056e45237e528  i386/debug/ethereal-debuginfo-0.99.0-fc5.1.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

-- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list
 
< Prev   Next >
    
Partner:

 
Latest Features
Review: Hacking Exposed Linux, Third Edition
Security Features of Firefox 3.0
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Open Source Tool of March: ZoneMinder
Meet the Anti-Nmap: PSAD
Open Source Tool of February: Nmap!
Yesterday's Edition
Security Configuration Guides
Firefox 3.0's SSL Certificate Interface Meets Resistance

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.