Mageia alert MGASA-2012-0214 (ettercap)

From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0214: ettercap-0.7.4.1-1.1.mga2
 (2/core) 
Date:
    	       Sun, 12 Aug 2012 21:42:30 +0200
Message-ID:
    	       <20120812194230.GA9460@valstar.mageia.org>

MGASA-2012-0214
Date: 	August 12th, 2012
Affected releases: 	2

Description:
Updated ettercap package fixes security vulnerability:

The GTK version of ettercap uses a global settings file at
/tmp/.ettercap_gtk and does not verify ownership of this file. When
parsing this file for settings in gtkui_conf_read()
(src/interfaces/gtk/ec_gtk_conf.c), an unchecked sscanf() call allows
a maliciously placed settings file to overflow a statically-sized
buffer on the stack (CVE-2010-3843).

Updated Packages:
ettercap-0.7.4.1-1.1.mga2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3843
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=6988
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2012-0214: ettercap-0.7.4.1-1.1.mga2 (2/core)
Date:		Sun, 12 Aug 2012 21:42:30 +0200
Message-ID:		<20120812194230.GA9460@valstar.mageia.org>