From: Mandrake Linux Security Team <security@linux-mandrake.com.>
To: bugtraq@securityfocus.com
Subject: MDKSA-2005:013 - Updated ethereal packages fix multiple vulnerabilities
Message-Id: <E1CtBQQ-00047A-GQ@updates.mandrakesoft.com.>
Date: Mon, 24 Jan 2005 14:07:06 -0700
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: ethereal
Advisory ID: MDKSA-2005:013
Date: January 24th, 2005
Affected versions: 10.0, 10.1
______________________________________________________________________
Problem Description:
A number of vulnerabilities were found in Ethereal, all of which are
fixed in version 0.10.9: The COPS dissector could go into an infinite
loop (CAN-2005-0006); the DLSw dissector could cause an assertion,
making Ethereal exit prematurely (CAN-2005-0007); the DNP dissector
could cause memory corruption (CAN-2005-0008); the Gnutella dissector
could cause an assertion, making Ethereal exit prematurely
(CAN-2005-0009); the MMSE dissector could free static memory
(CAN-2005-0010); and the X11 protocol dissector is vulnerable to a
string buffer overflow (CAN-2005-0084).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0006http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0007http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0008http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0009http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0010http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0084http://www.ethereal.com/appnotes/enpa-sa-00017.html
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
c74b93a5f05c68eb7845c6d3a05d7ab5 10.0/RPMS/ethereal-0.10.9-0.1.100mdk.i586.rpm
bbdcd41fe80851a0248c8606f0f0ddba 10.0/SRPMS/ethereal-0.10.9-0.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
3ab0b6691827a4d228b2696efda24de1 amd64/10.0/RPMS/ethereal-0.10.9-0.1.100mdk.amd64.rpm
bbdcd41fe80851a0248c8606f0f0ddba amd64/10.0/SRPMS/ethereal-0.10.9-0.1.100mdk.src.rpm
Mandrakelinux 10.1:
72d299832f7340c675f9cf89aaad555f 10.1/RPMS/ethereal-0.10.9-0.1.101mdk.i586.rpm
646de9ee68b10dba30c6f7f0b9989f7d 10.1/RPMS/ethereal-tools-0.10.9-0.1.101mdk.i586.rpm
48cb5ca4befde405416a9aa7c19b5556 10.1/RPMS/libethereal0-0.10.9-0.1.101mdk.i586.rpm
c3d5c5d06f7afd1e23f06f682188c03e 10.1/RPMS/tethereal-0.10.9-0.1.101mdk.i586.rpm
87e639367056153d74db172ebb8ca897 10.1/SRPMS/ethereal-0.10.9-0.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
f8852108acdeb991a2a2c06e225863d9 x86_64/10.1/RPMS/ethereal-0.10.9-0.1.101mdk.x86_64.rpm
3ee69f3876a7741ddeb8a79ac2229fb7 x86_64/10.1/RPMS/ethereal-tools-0.10.9-0.1.101mdk.x86_64.rpm
edb8a0f7523320df5f30db3e872ef139 x86_64/10.1/RPMS/lib64ethereal0-0.10.9-0.1.101mdk.x86_64.rpm
6cf8367b84d5508cdaaa96e59f973ce8 x86_64/10.1/RPMS/tethereal-0.10.9-0.1.101mdk.x86_64.rpm
87e639367056153d74db172ebb8ca897 x86_64/10.1/SRPMS/ethereal-0.10.9-0.1.101mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB9WN6mqjQ0CJFipgRAqG4AKDti9Fj1khxPj88qvxE0gCmVRJA5gCfQ8KW
S0Z/tQAWhZM8zLyl08Is5Jo=
=Ymy9
-----END PGP SIGNATURE-----
