Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Fedora: 2010-782 Major: Ethereal Memory Leak Impact and Fixes

fedora
Calendar Grey April 26, 2006
Dist Fedora Esm H88
Multiple vulnerabilities have been addressed in Fedora Core 4 for Wireshark 0.99.0, significantly improving both stability and security.
Many security vulnerabilities have been fixed since the previous release.

Summary

Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering

library, contains command-line utilities, contains plugins and

documentation for ethereal. A graphical user interface is packaged

separately to GTK+ package.

Many security vulnerabilities have been fixed since the

previous release.

* The H.248 dissector could crash. Versions affected:

0.10.14.

CVE: CVE-2006-1937

* The UMA dissector could go into an infinite loop.

Versions affected: 0.10.12 - 0.10.14.

CVE: CVE-2006-1933

* The X.509if dissector could crash. Versions affected:

0.10.14.

CVE: CVE-2006-1937

* The SRVLOC dissector could crash. Versions affected:

0.10.0 - 0.10.14.

CVE: CVE-2006-1937

* The H.245 dissector could crash. Versions affected:

0.10.13 - 0.10.14.

CVE: CVE-2006-1937

* Ethereal's OID printing routine was susceptible to an

off-by-one error. Versions affected: 0.10.14.

CVE: CVE-2006-1932

* The COPS dissector could overflow a buffer. Versions

affected: 0.9.15 - 0.10.14.

CVE: CVE-2006-1935

* The ALCAP dissector could overflow a buffer. Versions

affected: 0.10.14.

CVE: CVE-2006-1934

Under a grant funded by the U.S. Department of Homeland

Security, Coverity has uncovered a number of vulnerabilities

in Ethereal:

* The statistics counter could crash Ethereal. Versions

affected: 0.10.10 - 0.10.14.

CVE: CVE-2006-1937

* Ethereal could crash while reading a malformed Sniffer

capture. Versions affected: 0.8.12 - 0.10.14.

CVE: CVE-2006-1938

* An invalid display filter could crash Ethereal.

Versions affected: 0.9.16 - 0.10.14.

CVE: CVE-2006-1939

* The general packet dissector could crash Ethereal.

Versions affected: 0.10.9 - 0.10.14.

CVE: CVE-2006-1937

* The AIM dissector could crash Ethereal. Versions

affected: 0.10.7 - 0.10.14.

CVE: CVE-2006-1937

* The RPC dissector could crash Ethereal. Versions

affected: 0.9.8 - 0.10.14.

CVE: CVE-2006-1939

* The DCERPC dissector could crash Ethereal. Versions

affected: 0.9.16 - 0.10.14.

CVE: CVE-2006-1939

* The ASN.1 dissector could crash Ethereal. Versions

affected: 0.9.8 - 0.10.14.

CVE: CVE-2006-1939

* The SMB PIPE dissector could crash Ethereal. Versions

affected: 0.8.20 - 0.10.14.

CVE: CVE-2006-1938

* The BER dissector could loop excessively. Versions

affected: 0.10.4 - 0.10.14.

CVE: CVE-2006-1933

* The SNDCP dissector could abort. Versions affected:

0.10.4 - 0.10.14.

CVE: CVE-2006-1940

* The Network Instruments file code could overrun a

buffer. Versions affected: 0.10.0 - 0.10.14.

CVE: CVE-2006-1934

* The NetXray/Windows Sniffer file code could overrun a

buffer. Versions affected: 0.10.13 - 0.10.14.

CVE: CVE-2006-1934

* The GSM SMS dissector could crash Ethereal. Versions

affected: 0.9.16 - 0.10.14.

CVE: CVE-2006-1939

* The ALCAP dissector could overrun a buffer. Versions

affected: 0.10.14.

CVE: CVE-2006-1934

* The telnet dissector could overrun a buffer. Versions

affected: 0.8.5 - 0.10.14.

CVE: CVE-2006-1936

* ASN.1-based dissectors could crash Ethereal. Versions

affected: 0.9.10 - 0.10.14.

CVE: CVE-2006-1939

* The H.248 dissector could crash Ethereal. Versions

affected: 0.10.11 - 0.10.14.

CVE: CVE-2006-1937

* The DCERPC NT dissector could crash Ethereal. Versions

affected: 0.9.14 - 0.10.14.

CVE: CVE-2006-1939

* The PER dissector could crash Ethereal. Versions

affected: 0.9.14 - 0.10.14.

CVE: CVE-2006-1939

- update to 0.99.0

- fix segfault when rearranging columns

462f828b3f5708f7a9225952e1b01f3a10c8c28f SRPMS/ethereal-0.99.0-fc4.1.src.rpm

10af5f56d3be8b24ba3cbd1930f5edfa02fefc4f ppc/ethereal-0.99.0-fc4.1.ppc.rpm

3c3424e8a2840994ed64e7071096a82567be076a ppc/ethereal-gnome-0.99.0-fc4.1.ppc.rpm

6ee0df23b23b6b52587d3041b5b8435fcf9b7f18 ppc/debug/ethereal-debuginfo-0.99.0-fc4.1.ppc.rpm

2f9a992da291462ff8496525352b809f0338c2b4 x86_64/ethereal-0.99.0-fc4.1.x86_64.rpm

ba97833a340bb014beb26e6a74b0ed4a4169bc2f x86_64/ethereal-gnome-0.99.0-fc4.1.x86_64.rpm

8d03f722713ee6e55cefc149af72440733f0d48f x86_64/debug/ethereal-debuginfo-0.99.0-fc4.1.x86_64.rpm

6a24e66c6d732387713af9f83a6cd01508f2c73f i386/ethereal-0.99.0-fc4.1.i386.rpm

bf074656cfb1a0bf70264fd27a08ad0cc3602110 i386/ethereal-gnome-0.99.0-fc4.1.i386.rpm

9323b27214f01f1dc34a082ff1c5961773319f9b i386/debug/ethereal-debuginfo-0.99.0-fc4.1.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

fedora-announce-list mailing list

fedora-announce-list@redhat.com

Topics%20covered

Topics Covered

security advisory software update Fedora ethereal memory leak major

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Name: ethereal
Version: 0.99.0
Release: fc4.1
Summary: Network traffic analyzer

Topics%20covered

Topics Covered

security advisory software update Fedora ethereal memory leak major

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here