---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated ethereal packages fix security issues
Advisory ID:       FLSA:152922
Issue date:        2006-01-09
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CAN-2004-1139, CAN-2004-1140, CVE-2004-1141,
                   CVE-2004-1142, CVE-2005-0006, CVE-2005-0007,
                   CVE-2005-0008, CVE-2005-0009, CVE-2005-0010,
                   CVE-2005-0084, CVE-2005-0699, CVE-2005-0704,
                   CVE-2005-0705, CVE-2005-0739, CVE-2005-1456,
                   CVE-2005-1457, CVE-2005-1458, CVE-2005-1459,
                   CVE-2005-1460, CVE-2005-1461, CVE-2005-1462,
                   CVE-2005-1463, CVE-2005-1464, CVE-2005-1465,
                   CVE-2005-1466, CVE-2005-1467, CVE-2005-1468,
                   CVE-2005-1469, CVE-2005-1470, CVE-2005-2360,
                   CVE-2005-2361, CVE-2005-2362, CVE-2005-2363,
                   CVE-2005-2364, CVE-2005-2365, CVE-2005-2366,
                   CVE-2005-2367, CVE-2005-3241, CVE-2005-3242,
                   CVE-2005-3243, CVE-2005-3244, CVE-2005-3245,
                   CVE-2005-3246, CVE-2005-3247, CVE-2005-3248,
                   CVE-2005-3249, and CVE-2005-3184.
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated Ethereal packages that fix various security vulnerabilities are
now available.

Ethereal is a program for monitoring network traffic.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

A number of security flaws have been discovered in Ethereal. On a system
where Ethereal is running, a remote attacker could send malicious packets
to trigger these flaws and cause Ethereal to crash or potentially execute
arbitrary code.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to these issues: CAN-2004-1139,
CAN-2004-1140, CVE-2004-1141, CVE-2004-1142, CVE-2005-0006,
CVE-2005-0007, CVE-2005-0008, CVE-2005-0009, CVE-2005-0010,
CVE-2005-0084, CVE-2005-0699, CVE-2005-0704, CVE-2005-0705,
CVE-2005-0739, CVE-2005-1456, CVE-2005-1457, CVE-2005-1458,
CVE-2005-1459, CVE-2005-1460, CVE-2005-1461, CVE-2005-1462,
CVE-2005-1463, CVE-2005-1464, CVE-2005-1465, CVE-2005-1466,
CVE-2005-1467, CVE-2005-1468, CVE-2005-1469, CVE-2005-1470,
CVE-2005-2360, CVE-2005-2361, CVE-2005-2362, CVE-2005-2363,
CVE-2005-2364, CVE-2005-2365, CVE-2005-2366, CVE-2005-2367,
CVE-2005-3241, CVE-2005-3242, CVE-2005-3243, CVE-2005-3244,
CVE-2005-3245, CVE-2005-3246, CVE-2005-3247, CVE-2005-3248,
CVE-2005-3249, and CVE-2005-3184.

Users of Ethereal should upgrade to these updated packages which contain
version 0.10.13 and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

    yum update

or to use apt:

    apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152922

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/ethereal-0.10.13-0.73.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-0.10.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-gnome-0.10.13-0.73.1.legacy.i386.rpm

Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/ethereal-0.10.13-0.90.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-0.10.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-gnome-0.10.13-0.90.1.legacy.i386.rpm

Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/ethereal-0.10.13-1.FC1.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/ethereal-0.10.13-1.FC1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/ethereal-gnome-0.10.13-1.FC1.3.legacy.i386.rpm

Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/ethereal-0.10.13-1.FC2.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/ethereal-0.10.13-1.FC2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/ethereal-gnome-0.10.13-1.FC2.2.legacy.i386.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3184

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------
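
The sha1sum check in section 7 and the wildcard caveat in section 4 can be combined into one pre-install gate, shown here as an added example that is not part of the Fedora Legacy advisory. The function names check_rpms and lookup_sha1 and the manifest file (the published SHA1 sums saved as "<sha1> <package path>" lines) are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): check every *.rpm in a directory
# against the published SHA1 sums before running "rpm -Fvh *.rpm".
# Assumed manifest layout: "<40-hex sha1> <repo path>" per line; other
# lines (column headers, dashes) are ignored.

# lookup_sha1 MANIFEST BASENAME -> prints the expected hash, lowercased,
# for the manifest entry whose final path component equals BASENAME.
lookup_sha1() {
    awk -v b="$2" '
        length($1) == 40 && $1 ~ /^[0-9a-fA-F]+$/ {
            n = split($2, part, "/")
            if (part[n] == b) { print tolower($1); exit }
        }' "$1"
}

# check_rpms MANIFEST DIR
# Prints "OK|MISMATCH|UNLISTED <file>" for each *.rpm in DIR and succeeds
# only if at least one package is present and all of them are OK.
# The body runs in a subshell so its variables do not leak.
check_rpms() (
    manifest=$1 dir=$2 seen=0 bad=0
    for f in "$dir"/*.rpm; do
        [ -f "$f" ] || continue            # unmatched glob stays literal
        seen=$((seen + 1))
        base=${f##*/}
        want=$(lookup_sha1 "$manifest" "$base")
        got=$(sha1sum < "$f" | cut -d' ' -f1)
        if [ -z "$want" ]; then
            echo "UNLISTED $base"; bad=$((bad + 1))
        elif [ "$got" = "$want" ]; then
            echo "OK $base"
        else
            echo "MISMATCH $base"; bad=$((bad + 1))
        fi
    done
    # Fail closed: an empty directory or any bad file is a failure.
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
)

# Usage: sh check_rpms.sh sha1sums.txt ./downloads && rpm -Fvh ./downloads/*.rpm
if [ "$#" -eq 2 ]; then
    check_rpms "$1" "$2"
fi
```

A matching SHA1 sum only shows the file agrees with the list; rpm --checksig -v against the Fedora Legacy key is still the check that ties the package to its signer.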