Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Critical Vulnerabilities in Ethereal Causing DoS in Fedora Core 2: 2004-154

fedora
Calendar Grey June 8, 2004
Dist Fedora Esm H88
An update for Ethereal on Fedora addresses issues related to DoS threats and buffer overflow vulnerabilities impacting the network monitoring application.
This patch fixes three DoS vulns and a buffer overflow.

Summary

Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering

library, contains command-line utilities, contains plugins and

documentation for ethereal. A graphical user interface is packaged

separately to GTK+ package.

Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering

library, contains command-line utilities, contains plugins and

documentation for ethereal. A graphical user interface is packaged

separately to GTK+ package.

Update Information:

Issues have been discovered in the following protocol dissectors:

* A SIP packet could make Ethereal crash under specific conditions, as described in the following message:

(0.10.3). * The AIM dissector could throw an assertion, causing Ethereal to terminate abnormally (0.10.3). * It was possible for the SPNEGO dissector to dereference a null pointer, causing a crash (0.9.8 to 0.10.3). * The MMSE dissector was susceptible to a buffer overflow. (0.10.1 to 0.10.3).

All users of the Ethereal package are strongly encouraged to update to these latest packages.

* Tue Jun 01 2004 Phil Knirsch <pknirsch@redhat.com> 0.10.3-2.1

- Included backported security fixes from ethereal-0.10.4


This update can be downloaded from:


047f4b58fc2ce78dff5f7f27d588faa7 SRPMS/ethereal-0.10.3-2.1.src.rpm c5954b26aa5e448eb7a1ad1d9ac08692 i386/ethereal-0.10.3-2.1.i386.rpm 052063b1167471b6fcedfa7222a2fc4c i386/ethereal-gnome-0.10.3-2.1.i386.rpm 625e6397e449a2025a4b87fa3724e9cc i386/...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory update buffer overflow DoS Fedora Core Ethereal network analyzer

Change Log

References

CORE 2:
Fedora Update Notification FEDORA-2004-153 2004-06-03
Product : Fedora Core 2 Name : ethereal Version : 0.10.3 Release : 2.1 Summary : Network traffic analyzer Description : Ethereal is a network traffic analyzer for Unix-ish operating systems.
This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for ethereal. A graphical user interface is packaged separately to GTK+ package.

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora Core 2
Name: ethereal
Version: 0.10.3
Release: 2.1
Summary: Network traffic analyzer
Product: Fedora Core 1
Name: ethereal
Version: 0.10.3
Release: 0.1.1
Summary: Network traffic analyzer

Topics%20covered

Topics Covered

security advisory update buffer overflow DoS Fedora Core Ethereal network analyzer

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here