[UCI-Linux] Phil Knirsch: [SECURITY] Fedora Core 2 Update: ethereal-0.10.5-0.2.1

Mike Iglesias IGLESIAS at uci.edu
Wed Jul 14 13:21:15 PDT 2004

------- Forwarded Message

Return-Path: fedora-announce-list-bounces at redhat.com
Delivery-Date: Wed Jul 14 12:36:08 2004
Received: from mta2.service.uci.edu (mta2.service.uci.edu [])
	by draco.acs.uci.edu (8.12.8/8.12.8) with ESMTP id i6EJZvOv012603
	for <iglesias at draco.acs.uci.edu>; Wed, 14 Jul 2004 12:35:57 -0700
Received: (from daemon at localhost)
	by mta2.service.uci.edu (8.11.4-20030923/8.11.2) id i6EJZuJ17525
	for iglesias at draco.acs.uci.edu.xyzzy; Wed, 14 Jul 2004 12:35:56 -0700 (PDT)
Received: (from daemon at localhost)
	by mta2.service.uci.edu (8.11.4-20030923/8.11.2) id i6EJZuS17521
	for iglesias at uci.edu.xyzzy; Wed, 14 Jul 2004 12:35:56 -0700 (PDT)
Received: from hormel.redhat.com (hormel.redhat.com [])
	by mta2.service.uci.edu (8.11.4-20030923/8.11.2) with ESMTP id i6EJZH917245
	for <iglesias at uci.edu>; Wed, 14 Jul 2004 12:35:17 -0700 (PDT)
Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com [])
	by hormel.redhat.com (Postfix) with ESMTP
	id A613E7454F; Wed, 14 Jul 2004 15:34:17 -0400 (EDT)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com
	by listman.util.phx.redhat.com (8.12.10/8.12.10) with ESMTP id
	for <fedora-announce-list at listman.util.phx.redhat.com>;
	Wed, 14 Jul 2004 11:38:40 -0400
Received: (from mail at localhost)
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) id i6EFceK20271
	for fedora-announce-list at listman.util.phx.redhat.com;
	Wed, 14 Jul 2004 11:38:40 -0400
Received: from pobox.stuttgart.redhat.com (pobox.stuttgart.redhat.com
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i6EFcd020265
	for <fedora-announce-list at int-mx1.corp.redhat.com>;
	Wed, 14 Jul 2004 11:38:39 -0400
Received: from [] (hamburg.stuttgart.redhat.com [])
	by pobox.stuttgart.redhat.com (8.12.8/8.12.8) with ESMTP id
	for <fedora-announce-list at redhat.com>; Wed, 14 Jul 2004 17:38:38 +0200
Message-ID: <40F5537E.4040102 at redhat.com>
Date: Wed, 14 Jul 2004 17:38:38 +0200
From: Phil Knirsch <pknirsch at redhat.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040625
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: fedora-announce-list at redhat.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-loop: fedora-announce-list at redhat.com
X-Mailman-Approved-At: Wed, 14 Jul 2004 15:33:42 -0400
Subject: [SECURITY] Fedora Core 2 Update: ethereal-0.10.5-0.2.1
X-BeenThere: fedora-announce-list at redhat.com
X-Mailman-Version: 2.1.5
Precedence: junk
Reply-To: fedora-list at redhat.com
List-Id: Announcements related to the Fedora Project
List-Unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-announce-list>, 
	<mailto:fedora-announce-list-request at redhat.com?subject=unsubscribe>
List-Archive: </archives/fedora-announce-list>
List-Post: <mailto:fedora-announce-list at redhat.com>
List-Help: <mailto:fedora-announce-list-request at redhat.com?subject=help>
List-Subscribe: <http://www.redhat.com/mailman/listinfo/fedora-announce-list>, 
	<mailto:fedora-announce-list-request at redhat.com?subject=subscribe>
Sender: fedora-announce-list-bounces at redhat.com
Errors-To: fedora-announce-list-bounces at redhat.com
X-UCIRVINE-MailScanner: No viruses found
X-DRACO-MailScanner: Not checked for viruses
Status: O
X-UID: 23

- ---------------------------------------------------------------------
Fedora Update Notification
- ---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : ethereal
Version     : 0.10.5
Release     : 0.2.1
Summary     : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.

- ---------------------------------------------------------------------
Update Information:

  Issues have been discovered in the following protocol dissectors:

     * The iSNS dissector could make Ethereal abort in some cases. 
(0.10.3 - 0.10.4) CAN-2004-0633
     * SMB SID snooping could crash if there was no policy name for a 
handle. (0.9.15 - 0.10.4) CAN-2004-0634
     * The SNMP dissector could crash due to a malformed or missing 
community string. (0.8.15 - 0.10.4) CAN-2004-0635


It may be possible to make Ethereal crash or run arbitrary code by 
injecting a purposefully malformed packet onto the wire or by convincing 
someone to read a malformed packet trace file.


Upgrade to 0.10.5.

If you are running a version prior to 0.10.5 and you cannot upgrade, you 
can disable all of the protocol dissectors listed above by selecting 
Analyze->Enabled Protocols... and deselecting them from the list. For 
SMB, you can alternatively disable SID snooping in the SMB protocol 
preferences. However, it is strongly recommended that you upgrade to 
- ---------------------------------------------------------------------
* Fri Jul 09 2004 Phil Knirsch <pknirsch at redhat.com> 0.10.5-0.2.1

- - Update to ethereal-0.10.5 for security fixes.

- ---------------------------------------------------------------------
This update can be downloaded from:

1f4254c343bbfa2c2e98d9bb49340a5f  SRPMS/ethereal-0.10.5-0.2.1.src.rpm
c98d1e9da160d1400592b947fe308b10  x86_64/ethereal-0.10.5-0.2.1.x86_64.rpm
9bfbac5d3d743c8ef214724fb95a6356  i386/ethereal-0.10.5-0.2.1.i386.rpm
0b15320109ba9ee5bb1a4b32a7841e39  i386/ethereal-gnome-0.10.5-0.2.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------

- -- 
Philipp Knirsch      | Tel.:  +49-711-96437-470
Development          | Fax.:  +49-711-96437-111
Red Hat GmbH         | Email: Phil Knirsch <phil at redhat.de>
Hauptstaetterstr. 58 | Web:   http://www.redhat.de/
D-70178 Stuttgart
Motd:  You're only jealous cos the little penguins are talking to me.

- --
fedora-announce-list mailing list
fedora-announce-list at redhat.com

------- End of Forwarded Message

More information about the UCI-Linux mailing list