User: Password:
Subscribe / Log in / New account

Conectiva alert CLA-2005:942 (ethereal)

From:  Conectiva Updates <>
Subject:  [CLA-2005:942] Conectiva Security Announcement - ethereal
Date:  Mon, 28 Mar 2005 13:56:33 -0300

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : ethereal SUMMARY : Fixes for security vulnerabilities in ethereal DATE : 2005-03-28 13:52:00 ID : CLA-2005:942 RELEVANT RELEASES : 9, 10 - ------------------------------------------------------------------------- DESCRIPTION Ethereal[1] is a powerful network traffic analyzer with a graphical user interface (GUI). This update fixes several vulnerabilities[2,3] in ethereal: CAN-2005-0006[4]: The COPS dissector could go into an infinite loop. CAN-2005-0007[5]: The DLSw dissector could cause an assertion, making Ethereal exit prematurely. CAN-2005-0008[6]: The DNP dissector could cause memory corruption. CAN-2005-0009[7]: The Gnutella dissector could cause an assertion, making Ethereal exit prematurely. CAN-2005-0010[8]: The MMSE dissector could free static memory. CAN-2005-0084[9]: The X11 protocol dissector is vulnerable to a string buffer overflow. CAN-2005-0699[10]: Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector. CAN-2005-0704[11]: Matevz Pustisek discovered a buffer overflow in the Etheric dissector. CAN-2005-0705[12]: The GPRS-LLC dissector could crash if the "ignore cipher bit" option was enabled. CAN-2005-0739[13]: Leon Juranic discovered a buffer overflow in the IAPP dissector. Also, it fixes other two issues: a bug in the JXTA and sFlow dissectors that could make Ethereal crash. SOLUTION It is recommended that all ethereal users upgrade their packages. REFERENCES 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. UPDATED PACKAGES ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions regarding the use of apt and upgrade examples can be found at - ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at Instructions on how to check the signatures of the RPM packages can be found at - ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at - ------------------------------------------------------------------------- Copyright (c) 2004 Conectiva Inc. - ------------------------------------------------------------------------- subscribe: unsubscribe: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see iD8DBQFCSDc/42jd0JmAcZARAtT2AJ9CfAnH48ketSlgLrjR/iKLyPdoWACg1rXe eI8d4mT9sAyuc3Im4fqCwyI= =tztA -----END PGP SIGNATURE-----

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds