MDKSA-2005:131 - Updated ethereal packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: ethereal
Advisory ID: MDKSA-2005:131
Date: August 4th, 2005
Affected versions: 10.1, 10.2
______________________________________________________________________
Problem Description:
A number of vulnerabilities were discovered in versions of Ethereal
prior to version 0.10.12, including:
The SMB dissector could overflow a buffer or exhaust memory
(CAN-2005-2365).
iDefense discovered that several dissectors are vulnerable to
format string overflows (CAN-2005-2367).
A number of other portential crash issues in various dissectors
have also been corrected.
This update provides Ethereal 0.10.12 which is not vulnerable to these
issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2367
http://www.ethereal.com/appnotes/enpa-sa-00020.html
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
f6931a74612db92aa0d4615960214854
10.1/RPMS/ethereal-0.10.12-0.1.101mdk.i586.rpm
f8e815399aa508bf8d1fe03e19e3e8ef
10.1/RPMS/ethereal-tools-0.10.12-0.1.101mdk.i586.rpm
00383dd9ea00d5cde9b64d0d6f03efb0
10.1/RPMS/libethereal0-0.10.12-0.1.101mdk.i586.rpm
9bcdac91996cbbb02368c220b86de184
10.1/RPMS/tethereal-0.10.12-0.1.101mdk.i586.rpm
feacd9f7018da58e7ff3110c2c3a96f3
10.1/SRPMS/ethereal-0.10.12-0.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
f17ca7252e3face05e6228848385b203
x86_64/10.1/RPMS/ethereal-0.10.12-0.1.101mdk.x86_64.rpm
9b13e9b5b6320ea4eb9a83322f1a098f
x86_64/10.1/RPMS/ethereal-tools-0.10.12-0.1.101mdk.x86_64.rpm
d1d7606243229d77ab94632493ab5c12
x86_64/10.1/RPMS/lib64ethereal0-0.10.12-0.1.101mdk.x86_64.rpm
cf99953e73c3fb87fdca96fbb01e8897
x86_64/10.1/RPMS/tethereal-0.10.12-0.1.101mdk.x86_64.rpm
feacd9f7018da58e7ff3110c2c3a96f3
x86_64/10.1/SRPMS/ethereal-0.10.12-0.1.101mdk.src.rpm
Mandrakelinux 10.2:
5397caa26eaaa2760d6cf2b7f88da399
10.2/RPMS/ethereal-0.10.12-0.1.102mdk.i586.rpm
7c8b866673c056603666296737e1938f
10.2/RPMS/ethereal-tools-0.10.12-0.1.102mdk.i586.rpm
6de8272b6bd220ef4acd91dd7f09620b
10.2/RPMS/libethereal0-0.10.12-0.1.102mdk.i586.rpm
b2a94687155df4359cc7b480d4a49e64
10.2/RPMS/tethereal-0.10.12-0.1.102mdk.i586.rpm
6af1afa58f0effe14bf02adbb3b3620a
10.2/SRPMS/ethereal-0.10.12-0.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
ffcfdc52a177e3cdc38457f9cda8ae6f
x86_64/10.2/RPMS/ethereal-0.10.12-0.1.102mdk.x86_64.rpm
1d4d5bc3bdb9412d5224bd54ba161ad3
x86_64/10.2/RPMS/ethereal-tools-0.10.12-0.1.102mdk.x86_64.rpm
cf7a1d7610c4443d1d2d1f2859bda528
x86_64/10.2/RPMS/lib64ethereal0-0.10.12-0.1.102mdk.x86_64.rpm
34d6fc3ecd5481dcdb8e1746c74d696f
x86_64/10.2/RPMS/tethereal-0.10.12-0.1.102mdk.x86_64.rpm
6af1afa58f0effe14bf02adbb3b3620a
x86_64/10.2/SRPMS/ethereal-0.10.12-0.1.102mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC8p2UmqjQ0CJFipgRAvmbAJ9YLRV08jpwKPL5WCkjT1sEXSFsagCfUqDm
Rq9olMMt2meDVDrSCrfpvag=
=I6yL
-----END PGP SIGNATURE-----