MDKSA-2003:070

Package name

ethereal

Date

2003-06-23

Advisory ID

MDKSA-2003:070

Affected versions

9.1 i586 , 9.1 i586

Problem description

A number of string handling bugs were found in the packet dissectors in ethereal that can be exploited using specially crafted packets to cause ethereal to consume excessive amounts of memory, crash, or even execute arbitray code. These vulnerabilities have been fixed upsteam in ethereal 0.9.13 and all users are encouraged to upgrade.

Updated packages

9.1 i586

 cc375732dd25961875bfda6356c09dd6  ppc/9.1/RPMS/ethereal-0.9.13-1.1mdk.ppc.rpm
e36b73caf5b8ab321550e54d33ca8ac6  ppc/9.1/SRPMS/ethereal-0.9.13-1.1mdk.src.rpm

9.1 i586

 b1564371c3ffbe52f832b1c9a7e05644  9.1/RPMS/ethereal-0.9.13-1.1mdk.i586.rpm
e36b73caf5b8ab321550e54d33ca8ac6  9.1/SRPMS/ethereal-0.9.13-1.1mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0428
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0429
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0431
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0432
• http://www.ethereal.com/appnotes/enpa-sa-00010.html