| Problem Description |
Two vulnerabilities were discovered in versions of Ethereal prior to
0.10.0 that can be exploited to make Ethereal crash by injecting
malformed packets onto the wire or by convincing a user to read a
malformed packet trace file. The first vulnerability is in the SMB
dissector and the second is in the Q.931 dissector. It is not known
whether or not these issues could lead to the execution of arbitrary
code.
The updated packages provide Ethereal 0.10.0 which is not vulnerable
to these issues.
| Updated Packages |
Mandrakelinux 9.1
15b93589c8e2c4a158e392d6e935d107 9.1/RPMS/ethereal-0.10.0a-0.1.91mdk.i586.rpm
0418ffe78b92500b0e85516c9a2877ba 9.1/SRPMS/ethereal-0.10.0a-0.1.91mdk.src.rpm
Mandrakelinux 9.1/PPC
a8bcf806b679829441411a61692112c4 ppc/9.1/RPMS/ethereal-0.10.0a-0.1.91mdk.ppc.rpm
0418ffe78b92500b0e85516c9a2877ba ppc/9.1/SRPMS/ethereal-0.10.0a-0.1.91mdk.src.rpm
Mandrakelinux 9.2
c523748c0251859d6413d494d3ba1fe9 9.2/RPMS/ethereal-0.10.0a-0.1.92mdk.i586.rpm
07fdefedc257d3a53f3e0a3da2c042b2 9.2/SRPMS/ethereal-0.10.0a-0.1.92mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1013
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.
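For a manual download, both checks from this section can be scripted; the following is an added example, not Mandriva's own tooling. It assumes the advisory's package list has been saved to a manifest file with one `md5 path` pair per line, that GNU `md5sum` is installed, and the function and script names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed manifest layout: one "<md5> <path>" pair per line,
# as in the advisory's package list. Packages are looked up by basename in DIR.

# verify_md5 MANIFEST DIR
# Prints one status line per entry; returns 0 only if every listed
# package is present in DIR and its MD5 matches the manifest.
verify_md5() {
    vm_rc=0
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r vm_want vm_path || [ -n "$vm_want" ]; do
        [ -n "$vm_want" ] || continue            # skip blank lines
        vm_file="$2/$(basename "$vm_path")"
        if [ ! -f "$vm_file" ]; then
            echo "MISSING  $vm_file"; vm_rc=1; continue
        fi
        vm_got=$(md5sum "$vm_file" | cut -d' ' -f1)
        if [ "$vm_got" = "$vm_want" ]; then
            echo "OK       $vm_file"
        else
            echo "MISMATCH $vm_file (got $vm_got)"; vm_rc=1
        fi
    done < "$1"
    return "$vm_rc"
}

# Usage: sh verify-update.sh MANIFEST DIR
# Checksums first, then the advisory's signature check on each package.
if [ "$#" -eq 2 ]; then
    verify_md5 "$1" "$2" || exit 1
    for pkg in "$2"/*.rpm; do
        rpm --checksig "$pkg" || exit 1
    done
fi
```

The MD5 comparison only shows that the file matches what the advisory lists; the `rpm --checksig` step, with the vendor's GPG public key imported, is what ties the package to its signer.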
