| |||||||||||||
Gentoo alert 200306-13 (ethereal)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200306-13 - - - --------------------------------------------------------------------- PACKAGE : ethereal SUMMARY : arbitrary code execution DATE : 2003-06-25 22:36 UTC EXPLOIT : remote VERSIONS AFFECTED : <ethereal-0.9.13 FIXED VERSION : >=ethereal-0.9.13 CVE : CAN-2003-0432 - - - --------------------------------------------------------------------- from advisory: "It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file." Read the full advisory at http://www.ethereal.com/appnotes/enpa-sa-00010.html SOLUTION It is recommended that all Gentoo Linux users who are running net-analyzer/ethereal upgrade to ethereal as follows emerge sync emerge ethereal emerge clean - - - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz - - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE++iPvfT7nyhUpoZMRAvKBAKC3lQKGHRq0fGTEdpFcoP3JJcxjrgCdEbQ9 sUBm1GkCmTqjoIrZFHzJS3s= =5vaU -----END PGP SIGNATURE----- (Log in to post comments)
|
|||||||||||||