Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora Core 5 Ethereal 0.99.0-fc5.1 Critical Dissector Crashes

fedora
Calendar Grey April 25, 2006
Dist Fedora Esm H88
Numerous security fixes in Ethereal for Fedora Core 5 addressing critical threats and issues in dissectors.
Many security vulnerabilities have been fixed since the previous release. * The H.248 dissector could crash

Summary

Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering

library, contains command-line utilities, contains plugins and

documentation for ethereal. A graphical user interface is packaged

separately to GTK+ package.

Update Information:

Many security vulnerabilities have been fixed since the previous release.

* The H.248 dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937

* The UMA dissector could go into an infinite loop. Versions affected: 0.10.12 - 0.10.14. CVE: CVE-2006-1933

* The X.509if dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937

* The SRVLOC dissector could crash. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1937

* The H.245 dissector could crash. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1937

* Ethereal's OID printing routine was susceptible to an off-by-one error. Versions affected: 0.10.14. CVE: CVE-2006-1932

* The COPS dissector could overflow a buffer. Versions affected: 0.9.15 - 0.10.14. CVE: CVE-2006-1935

* The ALCAP dissector could overflow a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934

Under a grant funded by the U.S. Department of Homeland Security,...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory critical issue buffer overflow Fedora Core Ethereal infinite loop dissector crash

Change Log

References

Fedora Update Notification FEDORA-2006-456 2006-04-25
Product : Fedora Core 5 Name : ethereal Version : 0.99.0 Release : fc5.1 Summary : Network traffic analyzer Description : Ethereal is a network traffic analyzer for Unix-ish operating systems.
This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for ethereal. A graphical user interface is packaged separately to GTK+ package.

Update Instructions

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . -- fedora-announce-list mailing list fedora-announce-list@redhat.com

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora Core 5
Name: ethereal
Version: 0.99.0
Release: fc5.1
Summary: Network traffic analyzer

Topics%20covered

Topics Covered

security advisory critical issue buffer overflow Fedora Core Ethereal infinite loop dissector crash

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here