---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-461
2006-04-26
---------------------------------------------------------------------
Product     : Fedora Core 4
Name        : ethereal
Version     : 0.99.0
Release     : fc4.1
Summary     : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays the base for libpcap, a packet capture and filtering
library, and contains command-line utilities, plugins and
documentation for ethereal. A graphical user interface is packaged
separately in a GTK+ package.

---------------------------------------------------------------------
Update Information:

Many security vulnerabilities have been fixed since the previous release.

    * The H.248 dissector could crash. Versions affected: 0.10.14.
      CVE: CVE-2006-1937

    * The UMA dissector could go into an infinite loop. Versions affected: 0.10.12 - 0.10.14.
      CVE: CVE-2006-1933

    * The X.509if dissector could crash. Versions affected: 0.10.14.
      CVE: CVE-2006-1937

    * The SRVLOC dissector could crash. Versions affected: 0.10.0 - 0.10.14.
      CVE: CVE-2006-1937

    * The H.245 dissector could crash. Versions affected: 0.10.13 - 0.10.14.
      CVE: CVE-2006-1937

    * Ethereal's OID printing routine was susceptible to an off-by-one error. Versions affected: 0.10.14.
      CVE: CVE-2006-1932

    * The COPS dissector could overflow a buffer. Versions affected: 0.9.15 - 0.10.14.
      CVE: CVE-2006-1935

    * The ALCAP dissector could overflow a buffer. Versions affected: 0.10.14.
      CVE: CVE-2006-1934

Under a grant funded by the U.S. Department of Homeland Security,
Coverity has uncovered a number of vulnerabilities in Ethereal:

    * The statistics counter could crash Ethereal. Versions affected: 0.10.10 - 0.10.14.
      CVE: CVE-2006-1937

    * Ethereal could crash while reading a malformed Sniffer capture. Versions affected: 0.8.12 - 0.10.14.
      CVE: CVE-2006-1938

    * An invalid display filter could crash Ethereal. Versions affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The general packet dissector could crash Ethereal. Versions affected: 0.10.9 - 0.10.14.
      CVE: CVE-2006-1937

    * The AIM dissector could crash Ethereal. Versions affected: 0.10.7 - 0.10.14.
      CVE: CVE-2006-1937

    * The RPC dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14.
      CVE: CVE-2006-1939

    * The DCERPC dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The ASN.1 dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14.
      CVE: CVE-2006-1939

    * The SMB PIPE dissector could crash Ethereal. Versions affected: 0.8.20 - 0.10.14.
      CVE: CVE-2006-1938

    * The BER dissector could loop excessively. Versions affected: 0.10.4 - 0.10.14.
      CVE: CVE-2006-1933

    * The SNDCP dissector could abort. Versions affected: 0.10.4 - 0.10.14.
      CVE: CVE-2006-1940

    * The Network Instruments file code could overrun a buffer. Versions affected: 0.10.0 - 0.10.14.
      CVE: CVE-2006-1934

    * The NetXray/Windows Sniffer file code could overrun a buffer. Versions affected: 0.10.13 - 0.10.14.
      CVE: CVE-2006-1934

    * The GSM SMS dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The ALCAP dissector could overrun a buffer. Versions affected: 0.10.14.
      CVE: CVE-2006-1934

    * The telnet dissector could overrun a buffer. Versions affected: 0.8.5 - 0.10.14.
      CVE: CVE-2006-1936

    * ASN.1-based dissectors could crash Ethereal. Versions affected: 0.9.10 - 0.10.14.
      CVE: CVE-2006-1939

    * The H.248 dissector could crash Ethereal. Versions affected: 0.10.11 - 0.10.14.
      CVE: CVE-2006-1937

    * The DCERPC NT dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14.
      CVE: CVE-2006-1939

    * The PER dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14.
      CVE: CVE-2006-1939
---------------------------------------------------------------------
* Tue Apr 25 2006 Radek Vokál 0.99.0-fc4.1
- update to 0.99.0
- fix segfault when rearranging columns

---------------------------------------------------------------------
This update can be downloaded from:

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at .
----------------------------------------------------------------------- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list
