Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
202
security advisorymoderatemalformed packetopenSUSE 15.6: Wireshark Moderate SSH Crash CVE-2025-9817
An update that solves one vulnerability can now be installed.. # Security update for wireshark Announcement ID: SUSE-SU-2025:03294-1 Release Date: 2025-09-22T14:11:03Z Rating: moderate References: * bsc#1249090 Cross-References: * CVE-2025-9817 CVSS scores: * CVE-2025-9817 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-9817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-9817 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP6 * Desktop Applications Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for wireshark fixes the following issues: Update to version 4.2.13. Security issues fixed: * CVE-2025-9817: SSH dissector crash due to NULL pointer dereference when processing malformed packet traces (bsc#1249090). Other issues fixed: * Bug in UDS dissector with Service ReadDataByPeriodicIdentifier Response. * Incorrectly parsed `application/x-www-form-urlencoded` key following a name- value byte sequence with no `=`. * DNP3 time stamp not working after epoch time (year 2038). * Bug in LZ77 decoder; reads a 16-bit length when it should read a 32-bit length. * Further features, bug fixes and updated protocol support as listed in: * https://www.wireshark.org/docs/relnotes/wireshark-4.2.13.html ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_updateor "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3294=1 openSUSE-SLE-15.6-2025-3294=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3294=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3294=1 * Desktop Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3294=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3294=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * wireshark-4.2.13-150600.18.26.1 * libwireshark17-debuginfo-4.2.13-150600.18.26.1 * wireshark-ui-qt-4.2.13-150600.18.26.1 * wireshark-devel-4.2.13-150600.18.26.1 * wireshark-debugsource-4.2.13-150600.18.26.1 * libwireshark17-4.2.13-150600.18.26.1 * libwiretap14-4.2.13-150600.18.26.1 * wireshark-ui-qt-debuginfo-4.2.13-150600.18.26.1 * libwiretap14-debuginfo-4.2.13-150600.18.26.1 * libwsutil15-4.2.13-150600.18.26.1 * libwsutil15-debuginfo-4.2.13-150600.18.26.1 * wireshark-debuginfo-4.2.13-150600.18.26.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * wireshark-4.2.13-150600.18.26.1 * libwireshark17-debuginfo-4.2.13-150600.18.26.1 * wireshark-debugsource-4.2.13-150600.18.26.1 * libwireshark17-4.2.13-150600.18.26.1 * libwiretap14-4.2.13-150600.18.26.1 * libwiretap14-debuginfo-4.2.13-150600.18.26.1 * libwsutil15-4.2.13-150600.18.26.1 * libwsutil15-debuginfo-4.2.13-150600.18.26.1 * wireshark-debuginfo-4.2.13-150600.18.26.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * wireshark-4.2.13-150600.18.26.1 * libwireshark17-debuginfo-4.2.13-150600.18.26.1 * wireshark-debugsource-4.2.13-150600.18.26.1 * libwireshark17-4.2.13-150600.18.26.1 * libwiretap14-4.2.13-150600.18.26.1 *libwiretap14-debuginfo-4.2.13-150600.18.26.1 * libwsutil15-4.2.13-150600.18.26.1 * libwsutil15-debuginfo-4.2.13-150600.18.26.1 * wireshark-debuginfo-4.2.13-150600.18.26.1 * Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * wireshark-ui-qt-4.2.13-150600.18.26.1 * wireshark-devel-4.2.13-150600.18.26.1 * wireshark-debugsource-4.2.13-150600.18.26.1 * wireshark-ui-qt-debuginfo-4.2.13-150600.18.26.1 * wireshark-debuginfo-4.2.13-150600.18.26.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * wireshark-ui-qt-4.2.13-150600.18.26.1 * wireshark-devel-4.2.13-150600.18.26.1 * wireshark-debugsource-4.2.13-150600.18.26.1 * wireshark-ui-qt-debuginfo-4.2.13-150600.18.26.1 * wireshark-debuginfo-4.2.13-150600.18.26.1 ## References: * https://www.suse.com/security/cve/CVE-2025-9817.html * https://bugzilla.suse.com/show_bug.cgi?id=1249090 . Important enhancement for Fedora's GDB has resolved a significant buffer overflow issue in the HTTP module, increasing overall system protection.. openSUSE Wireshark SSH update security patch. . LinuxSecurity.com Team
Sep 22, 2025
OpenSUSE
203
security advisorybuffer overflowcriticalMageia 9: MGASA-2024-0225 Critical: Libndp Buffer Overflow Threat
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information. . MGASA-2024-0225 - Updated libndp packages fix security vulnerabilities Publication date: 17 Jun 2024 URL: https://advisories.mageia.org/MGASA-2024-0225.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-5564 A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information. References: - https://bugs.mageia.org/show_bug.cgi?id=33304 - https://ubuntu.com/security/notices/USN-6830-1 - https://www.cve.org/CVERecord?id=CVE-2024-5564 SRPMS: - 9/core/libndp-1.8-2.1.mga9 . Recent libndp updates in Mageia address a severe buffer overflow vulnerability caused by improperly formatted IPv6 packets.. Mageia Security Advisory, Buffer Overflow Fix, Libndp Update. . Severity: Critical. LinuxSecurity.com Team
Jun 17, 2024
•Critical
Mageia
98
security advisorymoderatesecurity updateRed Hat Enterprise Linux: RHSA-2006:0726-01 Moderate Malformed Packet Risk
New Wireshark packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: wireshark security update Advisory ID: RHSA-2006:0726-01 Advisory URL: https://access.redhat.com/errata/RHSA-2006:0726.html Issue date: 2006-11-09 Updated on: 2006-11-09 Product: Red Hat Enterprise Linux CVE Names: CVE-2006-4574 CVE-2006-4805 CVE-2006-5468 CVE-2006-5469 CVE-2006-5740 - ---------------------------------------------------------------------1. Summary: New Wireshark packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Wireshark is a program for monitoring network traffic. Several flaws were found in Wireshark's HTTP, WBXML, LDAP, and XOT protocol dissectors. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4805, CVE-2006-5468,CVE-2006-5469, CVE-2006-5740) A single NULL byte heap based buffer overflow was found in Wireshark's MIME Multipart dissector. Wireshark could crash or possibly execute arbitrary arbitrary code as the user running Wireshark. (CVE-2006-4574) Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.4, which is not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 211993 - CVE-2006-4574 Multiple Wireshark issues (CVE-2006-4805, CVE-2006-5468, CVE-2006-5469, CVE-2006-5740) 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: 0044a0fccca9671b0733bacd5953e56b wireshark-0.99.4-AS21.1.src.rpm i386: b74bd883b6fa0bd1c1aaa87fefb94f23 wireshark-0.99.4-AS21.1.i386.rpm 4240d003577952c65242b04388b664e6 wireshark-gnome-0.99.4-AS21.1.i386.rpm ia64: 0b569ad061f9815fdb7a52959701852e wireshark-0.99.4-AS21.1.ia64.rpm f33a6afaf448d5be1a91da35a2699b41 wireshark-gnome-0.99.4-AS21.1.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: 0044a0fccca9671b0733bacd5953e56b wireshark-0.99.4-AS21.1.src.rpm ia64: 0b569ad061f9815fdb7a52959701852e wireshark-0.99.4-AS21.1.ia64.rpm f33a6afaf448d5be1a91da35a2699b41 wireshark-gnome-0.99.4-AS21.1.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: 0044a0fccca9671b0733bacd5953e56b wireshark-0.99.4-AS21.1.src.rpm i386: b74bd883b6fa0bd1c1aaa87fefb94f23 wireshark-0.99.4-AS21.1.i386.rpm 4240d003577952c65242b04388b664e6 wireshark-gnome-0.99.4-AS21.1.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: 0044a0fccca9671b0733bacd5953e56b wireshark-0.99.4-AS21.1.src.rpm i386: b74bd883b6fa0bd1c1aaa87fefb94f23 wireshark-0.99.4-AS21.1.i386.rpm 4240d003577952c65242b04388b664e6 wireshark-gnome-0.99.4-AS21.1.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: 4d59c60c99a374f67ffcb7392783549a wireshark-0.99.4-EL3.1.src.rpm i386: f71c6c6b2c855f5576e907aeef50191e wireshark-0.99.4-EL3.1.i386.rpm 35a9915c3ae5a22ab1a76bd5d6d7c422 wireshark-debuginfo-0.99.4-EL3.1.i386.rpm 6861386ad3bbd70399012c74d7509e71 wireshark-gnome-0.99.4-EL3.1.i386.rpm ia64: 03e212be1a5dc7434628fa234c31bfc6 wireshark-0.99.4-EL3.1.ia64.rpm 72b5a6647025addf98b7699a865834fc wireshark-debuginfo-0.99.4-EL3.1.ia64.rpm 5744bab221aeb6f132e1038c6690347a wireshark-gnome-0.99.4-EL3.1.ia64.rpm ppc: f20fd0fe2fd6aa43d504a7c237b6ee17 wireshark-0.99.4-EL3.1.ppc.rpm fc5232d9c54292e069522e3b6a2bec97 wireshark-debuginfo-0.99.4-EL3.1.ppc.rpm 5c901cb605c1ce1868af805df479217f wireshark-gnome-0.99.4-EL3.1.ppc.rpm s390: 01b7661dfef18533ba69210e66dc0b73 wireshark-0.99.4-EL3.1.s390.rpm f37b3d3d51c5043fedc31d66dc197770 wireshark-debuginfo-0.99.4-EL3.1.s390.rpm 918a15ce4e05fe2be3556ed1e62c7d05 wireshark-gnome-0.99.4-EL3.1.s390.rpm s390x: 8c93a7af1347075dbb663fcd26e2741d wireshark-0.99.4-EL3.1.s390x.rpm 87229e0ccd2cd2d9c4402b388f4546c8 wireshark-debuginfo-0.99.4-EL3.1.s390x.rpm f44b0ee5d41d4ecd0622210fcf0ef6f4 wireshark-gnome-0.99.4-EL3.1.s390x.rpm x86_64: 7bed2f6949e0764ecbd1363a69383b09 wireshark-0.99.4-EL3.1.x86_64.rpm 3d843711818a31fdc2a53b6e68f5dd1b wireshark-debuginfo-0.99.4-EL3.1.x86_64.rpm 41685c568cb33f8a98648ca637a2d7a4 wireshark-gnome-0.99.4-EL3.1.x86_64.rpm Red Hat Desktop version 3: SRPMS: 4d59c60c99a374f67ffcb7392783549a wireshark-0.99.4-EL3.1.src.rpm i386: f71c6c6b2c855f5576e907aeef50191e wireshark-0.99.4-EL3.1.i386.rpm 35a9915c3ae5a22ab1a76bd5d6d7c422 wireshark-debuginfo-0.99.4-EL3.1.i386.rpm 6861386ad3bbd70399012c74d7509e71 wireshark-gnome-0.99.4-EL3.1.i386.rpm x86_64: 7bed2f6949e0764ecbd1363a69383b09 wireshark-0.99.4-EL3.1.x86_64.rpm 3d843711818a31fdc2a53b6e68f5dd1b wireshark-debuginfo-0.99.4-EL3.1.x86_64.rpm 41685c568cb33f8a98648ca637a2d7a4 wireshark-gnome-0.99.4-EL3.1.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: 4d59c60c99a374f67ffcb7392783549a wireshark-0.99.4-EL3.1.src.rpm i386: f71c6c6b2c855f5576e907aeef50191e wireshark-0.99.4-EL3.1.i386.rpm 35a9915c3ae5a22ab1a76bd5d6d7c422 wireshark-debuginfo-0.99.4-EL3.1.i386.rpm 6861386ad3bbd70399012c74d7509e71 wireshark-gnome-0.99.4-EL3.1.i386.rpm ia64: 03e212be1a5dc7434628fa234c31bfc6 wireshark-0.99.4-EL3.1.ia64.rpm 72b5a6647025addf98b7699a865834fc wireshark-debuginfo-0.99.4-EL3.1.ia64.rpm 5744bab221aeb6f132e1038c6690347a wireshark-gnome-0.99.4-EL3.1.ia64.rpm x86_64: 7bed2f6949e0764ecbd1363a69383b09 wireshark-0.99.4-EL3.1.x86_64.rpm 3d843711818a31fdc2a53b6e68f5dd1b wireshark-debuginfo-0.99.4-EL3.1.x86_64.rpm 41685c568cb33f8a98648ca637a2d7a4 wireshark-gnome-0.99.4-EL3.1.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: 4d59c60c99a374f67ffcb7392783549a wireshark-0.99.4-EL3.1.src.rpm i386: f71c6c6b2c855f5576e907aeef50191e wireshark-0.99.4-EL3.1.i386.rpm 35a9915c3ae5a22ab1a76bd5d6d7c422 wireshark-debuginfo-0.99.4-EL3.1.i386.rpm 6861386ad3bbd70399012c74d7509e71 wireshark-gnome-0.99.4-EL3.1.i386.rpm ia64: 03e212be1a5dc7434628fa234c31bfc6 wireshark-0.99.4-EL3.1.ia64.rpm 72b5a6647025addf98b7699a865834fc wireshark-debuginfo-0.99.4-EL3.1.ia64.rpm 5744bab221aeb6f132e1038c6690347a wireshark-gnome-0.99.4-EL3.1.ia64.rpm x86_64: 7bed2f6949e0764ecbd1363a69383b09 wireshark-0.99.4-EL3.1.x86_64.rpm 3d843711818a31fdc2a53b6e68f5dd1b wireshark-debuginfo-0.99.4-EL3.1.x86_64.rpm 41685c568cb33f8a98648ca637a2d7a4 wireshark-gnome-0.99.4-EL3.1.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: b1a38e3fa8fd9c7c48a0656379ab7d8f wireshark-0.99.4-EL4.1.src.rpm i386: c928c01ee33bc8bb911a7b0cae309211 wireshark-0.99.4-EL4.1.i386.rpm d741948a5eab62bc83e4355e1dd7833a wireshark-debuginfo-0.99.4-EL4.1.i386.rpm 129275da7e12c989135c107493bfd1b6 wireshark-gnome-0.99.4-EL4.1.i386.rpm ia64: 13015d70892b94b5c1ef57ad6c3d2a3e wireshark-0.99.4-EL4.1.ia64.rpm eb2225ef824146be3c9fbfa65e79898e wireshark-debuginfo-0.99.4-EL4.1.ia64.rpm 9d3e24a1f93e3439817eae3403293ed6 wireshark-gnome-0.99.4-EL4.1.ia64.rpm ppc: b9b57ad476bf11236cc17db38c80011a wireshark-0.99.4-EL4.1.ppc.rpm 18b660267144802a5a4a63201368ece6 wireshark-debuginfo-0.99.4-EL4.1.ppc.rpm 5c8e0feb48e0b59a7ee7db132f2d0d0d wireshark-gnome-0.99.4-EL4.1.ppc.rpm s390: 2ee68666a5c43132ba15d72d6edcd40f wireshark-0.99.4-EL4.1.s390.rpm 74c6c26f4e51ba06f63eab2613c8ab2e wireshark-debuginfo-0.99.4-EL4.1.s390.rpm a0fe55b1d72438d52249191450eb833c wireshark-gnome-0.99.4-EL4.1.s390.rpm s390x: 807c2940f8091242fe13e6278ec7b4b2 wireshark-0.99.4-EL4.1.s390x.rpm 903b1eb1e5d20288be64df9639ac5352 wireshark-debuginfo-0.99.4-EL4.1.s390x.rpm 005596f5c35bcef053c923be315a0610 wireshark-gnome-0.99.4-EL4.1.s390x.rpm x86_64: f6e29f056b7b6ec894ffa15f1e3c28a9 wireshark-0.99.4-EL4.1.x86_64.rpm 4041f21163382e20847cd2a1fa18bb1b wireshark-debuginfo-0.99.4-EL4.1.x86_64.rpm 775d4bd277c4a86edf54c7b87c15f167 wireshark-gnome-0.99.4-EL4.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: b1a38e3fa8fd9c7c48a0656379ab7d8f wireshark-0.99.4-EL4.1.src.rpm i386: c928c01ee33bc8bb911a7b0cae309211 wireshark-0.99.4-EL4.1.i386.rpm d741948a5eab62bc83e4355e1dd7833a wireshark-debuginfo-0.99.4-EL4.1.i386.rpm 129275da7e12c989135c107493bfd1b6 wireshark-gnome-0.99.4-EL4.1.i386.rpm x86_64: f6e29f056b7b6ec894ffa15f1e3c28a9 wireshark-0.99.4-EL4.1.x86_64.rpm 4041f21163382e20847cd2a1fa18bb1b wireshark-debuginfo-0.99.4-EL4.1.x86_64.rpm 775d4bd277c4a86edf54c7b87c15f167 wireshark-gnome-0.99.4-EL4.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: b1a38e3fa8fd9c7c48a0656379ab7d8f wireshark-0.99.4-EL4.1.src.rpm i386: c928c01ee33bc8bb911a7b0cae309211 wireshark-0.99.4-EL4.1.i386.rpm d741948a5eab62bc83e4355e1dd7833a wireshark-debuginfo-0.99.4-EL4.1.i386.rpm 129275da7e12c989135c107493bfd1b6 wireshark-gnome-0.99.4-EL4.1.i386.rpm ia64: 13015d70892b94b5c1ef57ad6c3d2a3e wireshark-0.99.4-EL4.1.ia64.rpm eb2225ef824146be3c9fbfa65e79898e wireshark-debuginfo-0.99.4-EL4.1.ia64.rpm 9d3e24a1f93e3439817eae3403293ed6 wireshark-gnome-0.99.4-EL4.1.ia64.rpm x86_64: f6e29f056b7b6ec894ffa15f1e3c28a9 wireshark-0.99.4-EL4.1.x86_64.rpm 4041f21163382e20847cd2a1fa18bb1b wireshark-debuginfo-0.99.4-EL4.1.x86_64.rpm 775d4bd277c4a86edf54c7b87c15f167 wireshark-gnome-0.99.4-EL4.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: b1a38e3fa8fd9c7c48a0656379ab7d8f wireshark-0.99.4-EL4.1.src.rpm i386: c928c01ee33bc8bb911a7b0cae309211 wireshark-0.99.4-EL4.1.i386.rpm d741948a5eab62bc83e4355e1dd7833a wireshark-debuginfo-0.99.4-EL4.1.i386.rpm 129275da7e12c989135c107493bfd1b6 wireshark-gnome-0.99.4-EL4.1.i386.rpm ia64: 13015d70892b94b5c1ef57ad6c3d2a3e wireshark-0.99.4-EL4.1.ia64.rpm eb2225ef824146be3c9fbfa65e79898e wireshark-debuginfo-0.99.4-EL4.1.ia64.rpm 9d3e24a1f93e3439817eae3403293ed6 wireshark-gnome-0.99.4-EL4.1.ia64.rpm x86_64: f6e29f056b7b6ec894ffa15f1e3c28a9 wireshark-0.99.4-EL4.1.x86_64.rpm 4041f21163382e20847cd2a1fa18bb1b wireshark-debuginfo-0.99.4-EL4.1.x86_64.rpm 775d4bd277c4a86edf54c7b87c15f167 wireshark-gnome-0.99.4-EL4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2006-4574 https://www.cve.org/CVERecord?id=CVE-2006-4805 https://www.cve.org/CVERecord?id=CVE-2006-5468 https://www.cve.org/CVERecord?id=CVE-2006-5469 https://www.cve.org/CVERecord?id=CVE-2006-5740 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact Copyright 2006 Red Hat, Inc. . The advisory from Red Hat outlines critical security enhancements in Wireshark with reference RHSA-2006:0726-01, tackling multiple vulnerabilities and associated risks.. Red Hat Security, Wireshark Patch, Networking Security, Red Hat Update. . LinuxSecurity.com Team
Nov 09, 2006
Red Hat
89
security advisoryhigh severityFedoraFedora: 2003-040 High Severity: Ethereal Malformed Packet Crashes
Both vulnerabilities will make the Ethereal application crash. The Q.931 vulnerability also affects Tethereal. It is not known if either vulnerability can be used to make Ethereal or Tethereal run arbitrary code.. --------------------------------------------------------------------- Fedora Update Notification FEDORA-2003-040 2003-12-18 --------------------------------------------------------------------- Name : ethereal Version : 0.10.0a Release : 0.1 Summary : Network traffic analyzer Description : Ethereal is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for ethereal. A graphical user interface is packaged separately to GTK+ package. --------------------------------------------------------------------- Update Information: Serious issues have been discovered in the following protocol dissectors: * Selecting "Match-> Selected" or "Prepare-> Selected" for a malformed SMB packet could cause a segmentation fault. * It is possible for the Q.931 dissector to dereference a null pointer when reading a malformed packet. Impact: Both vulnerabilities will make the Ethereal application crash. The Q.931 vulnerability also affects Tethereal. It is not known if either vulnerability can be used to make Ethereal or Tethereal run arbitrary code. Resolution: Upgrade to 0.10.0. If you are running a version prior to 0.10.0 and you cannot upgrade, you can disable the SMB and Q.931 protocol dissectors by selecting Edit-> Protocols... and deselecting them from the list. --------------------------------------------------------------------- * Wed Dec 17 2003 Phil Knirsch 0.10.0a-0.1 - Update to latest upstream version 0.10.0a - Fixed plugins problem. --------------------------------------------------------------------- This update can be downloaded from: 5ac28be19cc9b3113b6c339aed1c5f33 SRPMS/ethereal-0.10.0a-0.1.src.rpm 5e295a50ac358b0edd4828d39da04a9e i386/ethereal-0.10.0a-0.1.i386.rpm 8b0add410bf1e84f44f1e93c91a29596 i386/ethereal-gnome-0.10.0a-0.1.i386.rpm 0cf3428ab5d3ec2fdf8b415d79b5d9db i386/debug/ethereal-debuginfo-0.10.0a-0.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Philipp Knirsch | Tel.: +49-711-96437-470 Development | Fax.: +49-711-96437-111 Red Hat GmbH | Email: Phil Knirsch Hauptstaetterstr. 58 | Web: Red Hat DACH-Region D-70178 Stuttgart Motd: You're only jealous cos the little penguins are talking to me. -- fedora-announce-list mailing list
Dec 19, 2003
•Critical
Fedora
98
security advisoryRed Hat Powertoolsprivilege escalationRed Hat Powertools: RHSA-2002:030-08 High: RADIUS Malformed Packet Risk
Various vulnerabilities have been found in CistronRADIUS as well as other RADIUS servers and clients.In versions of Cistron RADIUS 1.6.5 and earlier, malformed packets could beused to gain additional privileges.. ` --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated radiusd-cistron packages are available Advisory ID: RHSA-2002:030-08 Issue date: 2002-02-20 Updated on: 2002-03-04 Product: Red Hat Powertools Keywords: radius radiusd malformed packet Cross references: Obsoletes: --------------------------------------------------------------------- 1. Topic: Updated radiusd-cistron packages, which fix various security issues, are now available. 2. Relevant releases/architectures: Red Hat Powertools 7.0 - alpha, i386 Red Hat Powertools 7.1 - alpha, i386 3. Problem description: The radiusd-cistron package contains a server daemon for the Remote Authentication Dial-In User Server (RADIUS) client/server security protocol. Various vulnerabilities have been found in Cistron RADIUS as well as other RADIUS servers and clients. In versions of Cistron RADIUS 1.6.5 and earlier, malformed packets could be used to gain additional privileges. All users of Cistron RADIUS are advised to upgrade to version 1.6.6, which is not vulnerable to these issues. Pay special attention to the installation instructions in the Solution section as they vary significantly from the usual update method. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is currently not available through Red Hat Network. Due to a bug in previously released versions, the original package must be removed, and the new package must be installed to apply this update (as root): # /sbin/service radiusd stop # /sbin/chkconfig --del radiusd # rpm -e --noscripts radiusd-cistron # rpm -ivhradiusd-cistron-1.6.6-2.[arch].rpm where [arch] is the architecture. 5. Bug IDs fixed ( for more info): 6. RPMs required: Red Hat Powertools 7.0: SRPMS: alpha: i386: Red Hat Powertools 7.1: SRPMS: alpha: i386: 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 398e46f80c48654b26a2c484e264b485 7.0/en/powertools/SRPMS/radiusd-cistron-1.6.6-2.src.rpm 080c782aeb81f4a0e4dda4e31efbe660 7.0/en/powertools/alpha/radiusd-cistron-1.6.6-2.alpha.rpm b5c937f5e48d4d3484b64e20f8785b4a 7.0/en/powertools/i386/radiusd-cistron-1.6.6-2.i386.rpm 398e46f80c48654b26a2c484e264b485 7.1/en/powertools/SRPMS/radiusd-cistron-1.6.6-2.src.rpm 080c782aeb81f4a0e4dda4e31efbe660 7.1/en/powertools/alpha/radiusd-cistron-1.6.6-2.alpha.rpm b5c937f5e48d4d3484b64e20f8785b4a 7.1/en/powertools/i386/radiusd-cistron-1.6.6-2.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 8. References: cert cert Copyright(c) 2000, 2001, 2002 Red Hat, Inc. `. Updated Cistron RADIUS package for Red Hat Powertools fixes important privilege escalation issues and vulnerabilities.. Cistron RADIUS, Red Hat Powertools, privilege escalation, security fix. . Severity: Important. LinuxSecurity.com Team
Mar 04, 2002
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!