Full Disclosure mailing list archives

MDKSA-2005:193 - Updated ethereal packages fix multiple vulnerabilities
From: Mandriva Security Team <security () mandriva com>
Date: Tue, 25 Oct 2005 20:59:11 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:193
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ethereal
 Date    : October 25, 2005
 Affected: 10.2, 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Ethereal 0.10.13 is now available fixing a number of security
 vulnerabilities in various dissectors:
 
 - the ISAKMP dissector could exhaust system memory
 - the FC-FCS dissector could exhaust system memory
 - the RSVP dissector could exhaust system memory
 - the ISIS LSP dissector could exhaust system memory
 - the IrDA dissector could crash
 - the SLIMP3 dissector could overflow a buffer
 - the BER dissector was susceptible to an infinite loop
 - the SCSI dissector could dereference a null pointer and crash
 - the sFlow dissector could dereference a null pointer and crash
 - the RTnet dissector could dereference a null pointer and crash
 - the SigComp UDVM could go into an infinite loop or crash
 - the X11 dissector could attempt to divide by zero
 - if SMB transaction payload reassembly is enabled the SMB dissector
   could crash (by default this is disabled)
 - if the "Dissect unknown RPC program numbers" option was enabled, the
   ONC RPC dissector might be able to exhaust system memory (by default
   this is disabled)
 - the AgentX dissector could overflow a buffer
 - the WSP dissector could free an invalid pointer
 - iDEFENSE discovered a buffer overflow in the SRVLOC dissector
 
 The new version of Ethereal is provided and corrects all of these
 issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3241
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3242
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3243
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3244
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3245
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3246
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3247
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3248
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3249
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3184
 http://www.ethereal.com/appnotes/enpa-sa-00021.html
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:
 a4a8fdc8455a04fa59403c109e66ed89  10.2/RPMS/ethereal-0.10.13-0.1.102mdk.i586.rpm
 a54511a764592c5fddcb98a9fa8663c9  10.2/RPMS/ethereal-tools-0.10.13-0.1.102mdk.i586.rpm
 6a53e0f7a132d6520f224c67b0dc5dc2  10.2/RPMS/libethereal0-0.10.13-0.1.102mdk.i586.rpm
 be7bb0c3ac28f631c97f07d55bfc8c71  10.2/RPMS/tethereal-0.10.13-0.1.102mdk.i586.rpm
 a0877c50091971fc9f23806ed92221da  10.2/SRPMS/ethereal-0.10.13-0.1.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 a4905e8eb45acaa645577a4bc4900cce  x86_64/10.2/RPMS/ethereal-0.10.13-0.1.102mdk.x86_64.rpm
 245aceadf58166897585d29a92996102  x86_64/10.2/RPMS/ethereal-tools-0.10.13-0.1.102mdk.x86_64.rpm
 9672947d1adf409c73d325178fc74525  x86_64/10.2/RPMS/lib64ethereal0-0.10.13-0.1.102mdk.x86_64.rpm
 58676aa8bf6385adef7ea6c0d5772fc3  x86_64/10.2/RPMS/tethereal-0.10.13-0.1.102mdk.x86_64.rpm
 a0877c50091971fc9f23806ed92221da  x86_64/10.2/SRPMS/ethereal-0.10.13-0.1.102mdk.src.rpm

 Mandriva Linux 2006.0:
 afa7f414f160baab8255f107c4b68167  2006.0/RPMS/ethereal-0.10.13-0.1.20060mdk.i586.rpm
 d15d1610353763aca11df0c74b418a04  2006.0/RPMS/ethereal-tools-0.10.13-0.1.20060mdk.i586.rpm
 4725840f84343c5c003eaa9f976f8831  2006.0/RPMS/libethereal0-0.10.13-0.1.20060mdk.i586.rpm
 65eb0205ba9778b11ba17bcb6c28bd5e  2006.0/RPMS/tethereal-0.10.13-0.1.20060mdk.i586.rpm
 7925fa1d545fecc56843dee7cc825d8f  2006.0/SRPMS/ethereal-0.10.13-0.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 99ad384eff6229342322d257c4c93e62  x86_64/2006.0/RPMS/ethereal-0.10.13-0.1.20060mdk.x86_64.rpm
 91c8e78eb70a6106abd9f799157c3c52  x86_64/2006.0/RPMS/ethereal-tools-0.10.13-0.1.20060mdk.x86_64.rpm
 75ac237556cc2bf5c8bc341f2fb50e13  x86_64/2006.0/RPMS/lib64ethereal0-0.10.13-0.1.20060mdk.x86_64.rpm
 71e3810bc682239b3681fc6828fb64db  x86_64/2006.0/RPMS/tethereal-0.10.13-0.1.20060mdk.x86_64.rpm
 7925fa1d545fecc56843dee7cc825d8f  x86_64/2006.0/SRPMS/ethereal-0.10.13-0.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDXvD/mqjQ0CJFipgRAlJuAJkBeyFgs/RoQ61zIxgPx7Dw1KUDtQCgj9hw
5smrLJ4SixkD5uRVecbKZPQ=
=THcB
-----END PGP SIGNATURE-----
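
The md5 check that the advisory says urpmi performs automatically, done by hand for packages downloaded some other way. This is an added example, not part of the advisory and not Mandriva's tooling; it assumes the advisory is saved as a text file and `md5sum` is installed, and the function names and demo file names are hypothetical.

```shell
#!/bin/sh
# Added example: verify downloaded RPMs against the "md5  path" lines
# of an MDKSA advisory that has been saved as a text file.

# Emit "md5  basename" for each manifest line read on stdin.
extract_manifest() {
    awk 'length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
        n = split($2, p, "/"); print $1 "  " p[n]
    }' | sort -u
}

# verify_packages ADVISORY DIR
# Checks every listed package present in DIR; succeeds only when at least one
# file was checked and none mismatched. MD5 only detects corruption; the
# package's GPG signature (rpm --checksig) is what authenticates it.
verify_packages() (
    manifest=$(extract_manifest < "$1")
    checked=0 bad=0
    while read -r want name; do
        [ -n "$name" ] && [ -f "$2/$name" ] || continue
        got=$(md5sum "$2/$name" | awk '{print $1}')
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (advisory $want, file $got)"
            bad=$((bad + 1))
        fi
    done <<EOF
$manifest
EOF
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
)

# Constructed demo: stand-in "packages" and a made-up advisory excerpt.
demo() (
    d=$(mktemp -d) || exit 1
    : > "$d/good-1.0.rpm"               # empty file, matches the listed md5
    echo tampered > "$d/bad-1.0.rpm"    # content differs from the listed md5
    cat > "$d/advisory.txt" <<'EOF'
 Example Linux 1.0:
 d41d8cd98f00b204e9800998ecf8427e  1.0/RPMS/good-1.0.rpm
 d41d8cd98f00b204e9800998ecf8427e  1.0/RPMS/bad-1.0.rpm
 d41d8cd98f00b204e9800998ecf8427e  1.0/RPMS/not-downloaded-1.0.rpm
EOF
    verify_packages "$d/advisory.txt" "$d"; rc=$?
    rm -rf "$d"; exit "$rc"
)
demo || echo "demo: at least one package failed verification"
```

Packages listed in the advisory but absent from the directory are skipped, so one advisory file can be used on a host that only needs one architecture.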