---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-456
2006-04-25
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : ethereal
Version     : 0.99.0                      
Release     : fc5.1                  
Summary     : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.

---------------------------------------------------------------------
Update Information:

 Many security vulnerabilities have been fixed since the
previous release.

    * The H.248 dissector could crash. Versions affected:
0.10.14.
      CVE: CVE-2006-1937

    * The UMA dissector could go into an infinite loop.
Versions affected: 0.10.12 - 0.10.14.
      CVE: CVE-2006-1933

    * The X.509if dissector could crash. Versions affected:
0.10.14.
      CVE: CVE-2006-1937

    * The SRVLOC dissector could crash. Versions affected:
0.10.0 - 0.10.14.
      CVE: CVE-2006-1937

    * The H.245 dissector could crash. Versions affected:
0.10.13 - 0.10.14.
      CVE: CVE-2006-1937

    * Ethereal's OID printing routine was susceptible to an
off-by-one error. Versions affected: 0.10.14.
      CVE: CVE-2006-1932

    * The COPS dissector could overflow a buffer. Versions
affected: 0.9.15 - 0.10.14.
      CVE: CVE-2006-1935

    * The ALCAP dissector could overflow a buffer. Versions
affected: 0.10.14.
      CVE: CVE-2006-1934 

Under a grant funded by the U.S. Department of Homeland
Security, Coverity has uncovered a number of vulnerabilities
in Ethereal:

    * The statistics counter could crash Ethereal. Versions
affected: 0.10.10 - 0.10.14.
      CVE: CVE-2006-1937

    * Ethereal could crash while reading a malformed Sniffer
capture. Versions affected: 0.8.12 - 0.10.14.
      CVE: CVE-2006-1938

    * An invalid display filter could crash Ethereal.
Versions affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The general packet dissector could crash Ethereal.
Versions affected: 0.10.9 - 0.10.14.
      CVE: CVE-2006-1937

    * The AIM dissector could crash Ethereal. Versions
affected: 0.10.7 - 0.10.14.
      CVE: CVE-2006-1937

    * The RPC dissector could crash Ethereal. Versions
affected: 0.9.8 - 0.10.14.
      CVE: CVE-2006-1939

    * The DCERPC dissector could crash Ethereal. Versions
affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The ASN.1 dissector could crash Ethereal. Versions
affected: 0.9.8 - 0.10.14.
      CVE: CVE-2006-1939

    * The SMB PIPE dissector could crash Ethereal. Versions
affected: 0.8.20 - 0.10.14.
      CVE: CVE-2006-1938

    * The BER dissector could loop excessively. Versions
affected: 0.10.4 - 0.10.14.
      CVE: CVE-2006-1933

    * The SNDCP dissector could abort. Versions affected:
0.10.4 - 0.10.14.
      CVE: CVE-2006-1940

    * The Network Instruments file code could overrun a
buffer. Versions affected: 0.10.0 - 0.10.14.
      CVE: CVE-2006-1934

    * The NetXray/Windows Sniffer file code could overrun a
buffer. Versions affected: 0.10.13 - 0.10.14.
      CVE: CVE-2006-1934

    * The GSM SMS dissector could crash Ethereal. Versions
affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The ALCAP dissector could overrun a buffer. Versions
affected: 0.10.14.
      CVE: CVE-2006-1934

    * The telnet dissector could overrun a buffer. Versions
affected: 0.8.5 - 0.10.14.
      CVE: CVE-2006-1936

    * ASN.1-based dissectors could crash Ethereal. Versions
affected: 0.9.10 - 0.10.14.
      CVE: CVE-2006-1939

    * The H.248 dissector could crash Ethereal. Versions
affected: 0.10.11 - 0.10.14.
      CVE: CVE-2006-1937

    * The DCERPC NT dissector could crash Ethereal. Versions
affected: 0.9.14 - 0.10.14.
      CVE: CVE-2006-1939

    * The PER dissector could crash Ethereal. Versions
affected: 0.9.14 - 0.10.14.
      CVE: CVE-2006-1939
---------------------------------------------------------------------
* Tue Apr 25 2006 Radek Vokál  0.99.0-fc5.1
- update to 0.99.0
* Tue Apr 25 2006 Radek Vokál  0.10.14-4
- fix crash when tuning columns (#189428)

---------------------------------------------------------------------
This update can be downloaded from:
  
db2d1fa4854b097f2d5443b477219e2d07ab9242  SRPMS/ethereal-0.99.0-fc5.1.src.rpm
2a4443475f30970021161e5783fad691a3ca735c  ppc/ethereal-0.99.0-fc5.1.ppc.rpm
52d37a0046435d710470ec8b82365b9a7f11adb4  ppc/ethereal-gnome-0.99.0-fc5.1.ppc.rpm
b4fc06d09f40a9a2e860260985b08d3293f0923a  ppc/debug/ethereal-debuginfo-0.99.0-fc5.1.ppc.rpm
97b4d5d2d9102f738756941f8c11cbc0a297c10b  x86_64/ethereal-0.99.0-fc5.1.x86_64.rpm
f18308798b547d5ebdd6343b5e721f451462db1c  x86_64/ethereal-gnome-0.99.0-fc5.1.x86_64.rpm
289851bf8d2942a39bead770bda76b983606dbcc  x86_64/debug/ethereal-debuginfo-0.99.0-fc5.1.x86_64.rpm
558e4618167c0667502d032fc60389199511e692  i386/ethereal-0.99.0-fc5.1.i386.rpm
b0c8f0082befdfb6ecf8acdf5af575b30ad9b1de  i386/ethereal-gnome-0.99.0-fc5.1.i386.rpm
1c5dc98172f23708dd31e3dfaea056e45237e528  i386/debug/ethereal-debuginfo-0.99.0-fc5.1.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at .
---------------------------------------------------------------------

-- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 5 Update: ethereal-0.99.0-fc5.1

April 25, 2006
Many security vulnerabilities have been fixed since the previous release. * The H.248 dissector could crash

Summary

Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering

library, contains command-line utilities, contains plugins and

documentation for ethereal. A graphical user interface is packaged

separately to GTK+ package.

Update Information:

Many security vulnerabilities have been fixed since the previous release.

* The H.248 dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937

* The UMA dissector could go into an infinite loop. Versions affected: 0.10.12 - 0.10.14. CVE: CVE-2006-1933

* The X.509if dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937

* The SRVLOC dissector could crash. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1937

* The H.245 dissector could crash. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1937

* Ethereal's OID printing routine was susceptible to an off-by-one error. Versions affected: 0.10.14. CVE: CVE-2006-1932

* The COPS dissector could overflow a buffer. Versions affected: 0.9.15 - 0.10.14. CVE: CVE-2006-1935

* The ALCAP dissector could overflow a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934

Under a grant funded by the U.S. Department of Homeland Security, Coverity has uncovered a number of vulnerabilities in Ethereal:

* The statistics counter could crash Ethereal. Versions affected: 0.10.10 - 0.10.14. CVE: CVE-2006-1937

* Ethereal could crash while reading a malformed Sniffer capture. Versions affected: 0.8.12 - 0.10.14. CVE: CVE-2006-1938

* An invalid display filter could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939

* The general packet dissector could crash Ethereal. Versions affected: 0.10.9 - 0.10.14. CVE: CVE-2006-1937

* The AIM dissector could crash Ethereal. Versions affected: 0.10.7 - 0.10.14. CVE: CVE-2006-1937

* The RPC dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE: CVE-2006-1939

* The DCERPC dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939

* The ASN.1 dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE: CVE-2006-1939

* The SMB PIPE dissector could crash Ethereal. Versions affected: 0.8.20 - 0.10.14. CVE: CVE-2006-1938

* The BER dissector could loop excessively. Versions affected: 0.10.4 - 0.10.14. CVE: CVE-2006-1933

* The SNDCP dissector could abort. Versions affected: 0.10.4 - 0.10.14. CVE: CVE-2006-1940

* The Network Instruments file code could overrun a buffer. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1934

* The NetXray/Windows Sniffer file code could overrun a buffer. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1934

* The GSM SMS dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939

* The ALCAP dissector could overrun a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934

* The telnet dissector could overrun a buffer. Versions affected: 0.8.5 - 0.10.14. CVE: CVE-2006-1936

* ASN.1-based dissectors could crash Ethereal. Versions affected: 0.9.10 - 0.10.14. CVE: CVE-2006-1939

* The H.248 dissector could crash Ethereal. Versions affected: 0.10.11 - 0.10.14. CVE: CVE-2006-1937

* The DCERPC NT dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939

* The PER dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939 * Tue Apr 25 2006 Radek Vokál 0.99.0-fc5.1 - update to 0.99.0 * Tue Apr 25 2006 Radek Vokál 0.10.14-4 - fix crash when tuning columns (#189428)

This update can be downloaded from:

db2d1fa4854b097f2d5443b477219e2d07ab9242 SRPMS/ethereal-0.99.0-fc5.1.src.rpm 2a4443475f30970021161e5783fad691a3ca735c ppc/ethereal-0.99.0-fc5.1.ppc.rpm 52d37a0046435d710470ec8b82365b9a7f11adb4 ppc/ethereal-gnome-0.99.0-fc5.1.ppc.rpm b4fc06d09f40a9a2e860260985b08d3293f0923a ppc/debug/ethereal-debuginfo-0.99.0-fc5.1.ppc.rpm 97b4d5d2d9102f738756941f8c11cbc0a297c10b x86_64/ethereal-0.99.0-fc5.1.x86_64.rpm f18308798b547d5ebdd6343b5e721f451462db1c x86_64/ethereal-gnome-0.99.0-fc5.1.x86_64.rpm 289851bf8d2942a39bead770bda76b983606dbcc x86_64/debug/ethereal-debuginfo-0.99.0-fc5.1.x86_64.rpm 558e4618167c0667502d032fc60389199511e692 i386/ethereal-0.99.0-fc5.1.i386.rpm b0c8f0082befdfb6ecf8acdf5af575b30ad9b1de i386/ethereal-gnome-0.99.0-fc5.1.i386.rpm 1c5dc98172f23708dd31e3dfaea056e45237e528 i386/debug/ethereal-debuginfo-0.99.0-fc5.1.i386.rpm

Change Log

References

Fedora Update Notification FEDORA-2006-456 2006-04-25 Product : Fedora Core 5 Name : ethereal Version : 0.99.0 Release : fc5.1 Summary : Network traffic analyzer Description : Ethereal is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for ethereal. A graphical user interface is packaged separately to GTK+ package.

Update Instructions

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . -- fedora-announce-list mailing list fedora-announce-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-announce-list

Severity
Product : Fedora Core 5
Name : ethereal
Version : 0.99.0
Release : fc5.1
Summary : Network traffic analyzer

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved