User: Password:
|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2006-860 (wireshark)

From:  "Radek Vokal" <rvokal@redhat.com>
To:  fedora-package-announce@redhat.com
Subject:  [SECURITY] Fedora Core 5 Update: wireshark-0.99.2-fc5.2
Date:  Fri, 28 Jul 2006 11:45:03 -0400

--------------------------------------------------------------------- Fedora Update Notification FEDORA-2006-860 2006-07-28 --------------------------------------------------------------------- Product : Fedora Core 5 Name : wireshark Version : 0.99.2 Release : fc5.2 Summary : Network traffic analyzer Description : Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. --------------------------------------------------------------------- Update Information: Versions affected: 0.8.16 up to and including 0.99.0 Details Description Wireshark 0.99.2 fixes the following vulnerabilities: * The GSM BSSMAP dissector could crash. Versions affected: 0.10.11. CVE: CVE-2006-3627 Ilja van Sprundel discovered the following vulnerabilities: * The ANSI MAP dissector was vulnerable to a format string overflow. Versions affected: 0.10.0. CVE: CVE-2006-3628 * The Checkpoint FW-1 dissector was vulnerable to a format string overflow. Versions affected: 0.10.10. CVE: CVE-2006-3628 * The MQ dissector was vulnerable to a format string overflow. Versions affected: 0.10.4. CVE: CVE-2006-3628 * The XML dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628 * The MOUNT dissector could attempt to allocate large amounts of memory. Versions affected: 0.9.4. CVE: CVE-2006-3629 * The NCP NMAS and NDPS dissectors were susceptible to off-by-one errors. Versions affected: 0.9.7. CVE: CVE-2006-3630 * The NTP dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628 * The SSH dissector was vulnerable to an infinite loop. Versions affected: 0.9.10. CVE: CVE-2006-3631 * The NFS dissector may have been susceptible to a buffer overflow. Versions affected: 0.8.16. CVE: CVE-2006-3632 Impact It may be possible to make Ethereal crash, use up available memory, or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 0.99.2. --------------------------------------------------------------------- * Wed Jul 26 2006 Radek Vokal <rvokal@redhat.com> 0.99.2-fc5.2 - fix BuildRequires * Tue Jul 25 2006 Radek Vokal <rvokal@redhat.com> 0.99.2-fc5.1 - build for FC5 * Tue Jul 18 2006 Radek Vokál <rvokal@redhat.com> 0.99.2-1 - upgrade to 0.99.2 * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.99.2-0.pre1.1 - rebuild * Tue Jul 11 2006 Radek Vokál <rvokal@redhat.com> 0.99.2-0.pre1 - upgrade to 0.99.2pre1, fixes (#198242) * Tue Jun 13 2006 Radek Vokal <rvokal@redhat.com> 0.99.1-0.pre1 - spec file changes * Fri Jun 9 2006 Radek Vokal <rvokal@redhat.com> 0.99.1pre1-1 - initial build for Fedora Core --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/u... f1d9b2cef1401a5f2de96e94c6abca2e32255129 SRPMS/wireshark-0.99.2-fc5.2.src.rpm f1d9b2cef1401a5f2de96e94c6abca2e32255129 noarch/wireshark-0.99.2-fc5.2.src.rpm ae0b87f149021f18217e6e1efdd7826a64f73c95 ppc/wireshark-0.99.2-fc5.2.ppc.rpm 5ad8121ba4bacc956691a992e87c264753e20152 ppc/wireshark-gnome-0.99.2-fc5.2.ppc.rpm 3d592a657a1e919cd236130a44307bac46652d33 ppc/debug/wireshark-debuginfo-0.99.2-fc5.2.ppc.rpm 94bbe410546b308e395531b3664f1961867d8cce x86_64/wireshark-gnome-0.99.2-fc5.2.x86_64.rpm 4148be8dbb210052648edbd372ce0c7c5eecaeeb x86_64/wireshark-0.99.2-fc5.2.x86_64.rpm aa2f5af96bc0bafb6cf3f0ce16bf4bf48bc04418 x86_64/debug/wireshark-debuginfo-0.99.2-fc5.2.x86_64.rpm f601eb9e09760675498d931bb6fbce54c6f9e123 i386/wireshark-gnome-0.99.2-fc5.2.i386.rpm 67cd230efa9175b2d322f8e238dc8fcfa5bcda57 i386/wireshark-0.99.2-fc5.2.i386.rpm 4c072da9fadc48a4eace524448979c9375e6043e i386/debug/wireshark-debuginfo-0.99.2-fc5.2.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. --------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds