[UCI-Linux] Phil Knirsch: [SECURITY] Fedora Core 2 Update: ethereal-0.10.5-0.2.1

Mike Iglesias IGLESIAS at uci.edu
Wed Jul 14 13:21:15 PDT 2004 

------- Forwarded Message

Return-Path: fedora-announce-list-bounces at redhat.com
Delivery-Date: Wed Jul 14 12:36:08 2004
Received: from mta2.service.uci.edu (mta2.service.uci.edu [128.195.200.202])
	by draco.acs.uci.edu (8.12.8/8.12.8) with ESMTP id i6EJZvOv012603
	for <iglesias at draco.acs.uci.edu>; Wed, 14 Jul 2004 12:35:57 -0700
Received: (from daemon at localhost)
	by mta2.service.uci.edu (8.11.4-20030923/8.11.2) id i6EJZuJ17525
	for iglesias at draco.acs.uci.edu.xyzzy; Wed, 14 Jul 2004 12:35:56 -0700 (PDT)
Received: (from daemon at localhost)
	by mta2.service.uci.edu (8.11.4-20030923/8.11.2) id i6EJZuS17521
	for iglesias at uci.edu.xyzzy; Wed, 14 Jul 2004 12:35:56 -0700 (PDT)
Received: from hormel.redhat.com (hormel.redhat.com [209.132.177.30])
	by mta2.service.uci.edu (8.11.4-20030923/8.11.2) with ESMTP id i6EJZH917245
	for <iglesias at uci.edu>; Wed, 14 Jul 2004 12:35:17 -0700 (PDT)
Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com [10.8.4.110])
	by hormel.redhat.com (Postfix) with ESMTP
	id A613E7454F; Wed, 14 Jul 2004 15:34:17 -0400 (EDT)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com
	[172.16.52.254])
	by listman.util.phx.redhat.com (8.12.10/8.12.10) with ESMTP id
	i6EFceXW024488
	for <fedora-announce-list at listman.util.phx.redhat.com>;
	Wed, 14 Jul 2004 11:38:40 -0400
Received: (from mail at localhost)
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) id i6EFceK20271
	for fedora-announce-list at listman.util.phx.redhat.com;
	Wed, 14 Jul 2004 11:38:40 -0400
Received: from pobox.stuttgart.redhat.com (pobox.stuttgart.redhat.com
	[172.16.2.10])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i6EFcd020265
	for <fedora-announce-list at int-mx1.corp.redhat.com>;
	Wed, 14 Jul 2004 11:38:39 -0400
Received: from [172.16.2.151] (hamburg.stuttgart.redhat.com [172.16.2.151])
	by pobox.stuttgart.redhat.com (8.12.8/8.12.8) with ESMTP id
	i6EFcc40004403
	for <fedora-announce-list at redhat.com>; Wed, 14 Jul 2004 17:38:38 +0200
Message-ID: <40F5537E.4040102 at redhat.com>
Date: Wed, 14 Jul 2004 17:38:38 +0200
From: Phil Knirsch <pknirsch at redhat.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040625
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: fedora-announce-list at redhat.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-loop: fedora-announce-list at redhat.com
X-Mailman-Approved-At: Wed, 14 Jul 2004 15:33:42 -0400
Subject: [SECURITY] Fedora Core 2 Update: ethereal-0.10.5-0.2.1
X-BeenThere: fedora-announce-list at redhat.com
X-Mailman-Version: 2.1.5
Precedence: junk
Reply-To: fedora-list at redhat.com
List-Id: Announcements related to the Fedora Project
	<fedora-announce-list.redhat.com>
List-Unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-announce-list>, 
	<mailto:fedora-announce-list-request at redhat.com?subject=unsubscribe>
List-Archive: </archives/fedora-announce-list>
List-Post: <mailto:fedora-announce-list at redhat.com>
List-Help: <mailto:fedora-announce-list-request at redhat.com?subject=help>
List-Subscribe: <http://www.redhat.com/mailman/listinfo/fedora-announce-list>, 
	<mailto:fedora-announce-list-request at redhat.com?subject=subscribe>
Sender: fedora-announce-list-bounces at redhat.com
Errors-To: fedora-announce-list-bounces at redhat.com
X-UCIRVINE-MailScanner: No viruses found
X-DRACO-MailScanner: Not checked for viruses
Status: O
X-Status: 
X-Keywords:                  
X-UID: 23

- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-220
2004-07-14
- ---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : ethereal
Version     : 0.10.5
Release     : 0.2.1
Summary     : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.

- ---------------------------------------------------------------------
Update Information:

  Issues have been discovered in the following protocol dissectors:

     * The iSNS dissector could make Ethereal abort in some cases. 
(0.10.3 - 0.10.4) CAN-2004-0633
     * SMB SID snooping could crash if there was no policy name for a 
handle. (0.9.15 - 0.10.4) CAN-2004-0634
     * The SNMP dissector could crash due to a malformed or missing 
community string. (0.8.15 - 0.10.4) CAN-2004-0635

Impact:

It may be possible to make Ethereal crash or run arbitrary code by 
injecting a purposefully malformed packet onto the wire or by convincing 
someone to read a malformed packet trace file.

Resolution:

Upgrade to 0.10.5.

If you are running a version prior to 0.10.5 and you cannot upgrade, you 
can disable all of the protocol dissectors listed above by selecting 
Analyze->Enabled Protocols... and deselecting them from the list. For 
SMB, you can alternatively disable SID snooping in the SMB protocol 
preferences. However, it is strongly recommended that you upgrade to 
0.10.5.
- ---------------------------------------------------------------------
* Fri Jul 09 2004 Phil Knirsch <pknirsch at redhat.com> 0.10.5-0.2.1

- - Update to ethereal-0.10.5 for security fixes.


- ---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

1f4254c343bbfa2c2e98d9bb49340a5f  SRPMS/ethereal-0.10.5-0.2.1.src.rpm
c98d1e9da160d1400592b947fe308b10  x86_64/ethereal-0.10.5-0.2.1.x86_64.rpm
ab66853ce5a23be083b8adad4dc9f9aa 
x86_64/ethereal-gnome-0.10.5-0.2.1.x86_64.rpm
ce1e4e540a4e84f96a9dbf7e0956aef5 
x86_64/debug/ethereal-debuginfo-0.10.5-0.2.1.x86_64.rpm
9bfbac5d3d743c8ef214724fb95a6356  i386/ethereal-0.10.5-0.2.1.i386.rpm
0b15320109ba9ee5bb1a4b32a7841e39  i386/ethereal-gnome-0.10.5-0.2.1.i386.rpm
ea18577656d29850cc438c9c2d0aec4c 
i386/debug/ethereal-debuginfo-0.10.5-0.2.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------

- -- 
Philipp Knirsch      | Tel.:  +49-711-96437-470
Development          | Fax.:  +49-711-96437-111
Red Hat GmbH         | Email: Phil Knirsch <phil at redhat.de>
Hauptstaetterstr. 58 | Web:   http://www.redhat.de/
D-70178 Stuttgart
Motd:  You're only jealous cos the little penguins are talking to me.


- --
fedora-announce-list mailing list
fedora-announce-list at redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

------- End of Forwarded Message

More information about the UCI-Linux mailing list