MDKSA-2005:193-2

Package name
ethereal
Date
2005-10-31
Advisory ID
MDKSA-2005:193-2
Affected versions
2006.0 i586 , 10.2 i586 , 10.2 x86_64 , 2006.0 x86_64

Problem description

Ethereal 0.10.13 is now available fixing a number of security
vulnerabilities in various dissectors:

- the ISAKMP dissector could exhaust system memory
- the FC-FCS dissector could exhaust system memory
- the RSVP dissector could exhaust system memory
- the ISIS LSP dissector could exhaust system memory
- the IrDA dissector could crash
- the SLIMP3 dissector could overflow a buffer
- the BER dissector was susceptible to an infinite loop
- the SCSI dissector could dereference a null pointer and crash
- the sFlow dissector could dereference a null pointer and crash
- the RTnet dissector could dereference a null pointer and crash
- the SigComp UDVM could go into an infinite loop or crash
- the X11 dissector could attempt to divide by zero
- if SMB transaction payload reassembly is enabled the SMB dissector
could crash (by default this is disabled)
- if the "Dissect unknown RPC program numbers" option was enabled, the
ONC RPC dissector might be able to exhaust system memory (by default
this is disabled)
- the AgentX dissector could overflow a buffer
- the WSP dissector could free an invalid pointer
- iDEFENSE discovered a buffer overflow in the SRVLOC dissector

The new version of Ethereal is provided and corrects all of these
issues.

An infinite loop in the IRC dissector was also discovered and fixed
after the 0.10.13 release. The updated packages include the fix.

Update:

A permissions problem on the /usr/share/ethereal/dtds directory caused
errors when ethereal started as a non-root user. This update corrects
the problem.

Updated packages

2006.0 i586

 8af1ff6957eeec4c57ed84456bebc8d4  2006.0/RPMS/ethereal-0.10.13-0.4.20060mdk.i586.rpm
 2bf9761f316fb2e7bfb7c39df531d5aa  2006.0/RPMS/ethereal-tools-0.10.13-0.4.20060mdk.i586.rpm
 91119b61ac8feb221a535f582d0c6999  2006.0/RPMS/libethereal0-0.10.13-0.4.20060mdk.i586.rpm
 88304b8d2de663615b8892ab542daac3  2006.0/RPMS/tethereal-0.10.13-0.4.20060mdk.i586.rpm
 84306710661cb50171dd48932fb63dd2  2006.0/SRPMS/ethereal-0.10.13-0.4.20060mdk.src.rpm

10.2 i586

 242a0761cc373bf9a5c545da94f583ac  10.2/RPMS/ethereal-0.10.13-0.4.102mdk.i586.rpm
 8a608136690c110505042ef388995ba3  10.2/RPMS/ethereal-tools-0.10.13-0.4.102mdk.i586.rpm
 946e341e5d0dc3d053cadeda9333f946  10.2/RPMS/libethereal0-0.10.13-0.4.102mdk.i586.rpm
 95d542de3760ee3fe7f18127f5be1734  10.2/RPMS/tethereal-0.10.13-0.4.102mdk.i586.rpm
 42f33af6df5039844fac8a8865727410  10.2/SRPMS/ethereal-0.10.13-0.4.102mdk.src.rpm

10.2 x86_64

 02d741cd40bfb763014bae36d7bef2d2  x86_64/10.2/RPMS/ethereal-0.10.13-0.4.102mdk.x86_64.rpm
 530f9d1b04222b25cbba628ba1ee8acf  x86_64/10.2/RPMS/ethereal-tools-0.10.13-0.4.102mdk.x86_64.rpm
 62b2faf4e28f8bbc7c43599c222e8a59  x86_64/10.2/RPMS/lib64ethereal0-0.10.13-0.4.102mdk.x86_64.rpm
 e762c1da45444e1809ff4bf53ff7956e  x86_64/10.2/RPMS/tethereal-0.10.13-0.4.102mdk.x86_64.rpm
 42f33af6df5039844fac8a8865727410  x86_64/10.2/SRPMS/ethereal-0.10.13-0.4.102mdk.src.rpm

2006.0 x86_64

 6bc65409819276ecb849a987b811695d  x86_64/2006.0/RPMS/ethereal-0.10.13-0.4.20060mdk.x86_64.rpm
 8957ed6a15a8b520a742e7f9a331c9a0  x86_64/2006.0/RPMS/ethereal-tools-0.10.13-0.4.20060mdk.x86_64.rpm
 5043efdbd709b847a4820b6bda56e117  x86_64/2006.0/RPMS/lib64ethereal0-0.10.13-0.4.20060mdk.x86_64.rpm
 fb339751b4d1c13314de3492a7f1d363  x86_64/2006.0/RPMS/tethereal-0.10.13-0.4.20060mdk.x86_64.rpm
 84306710661cb50171dd48932fb63dd2  x86_64/2006.0/SRPMS/ethereal-0.10.13-0.4.20060mdk.src.rpm

References