Advisories | Mandriva

Package name	ethereal
Date	March 15th, 2005
Advisory ID	MDKSA-2005:053
Affected versions	10.0, 10.1

Problem Description

A number of issues were discovered in Ethereal versions prior to
0.10.10, which is provided by this update. Matevz Pustisek discovered
a buffer overflow in the Etheric dissector (CAN-2005-0704); the
GPRS-LLC dissector could crash if the "ignore cipher bit" was enabled
(CAN-2005-0705); Diego Giago found a buffer overflow in the 3GPP2 A11
dissector (CAN-2005-0699); Leon Juranic found a buffer overflow in the
IAPP dissector (CAN-2005-0739); and bugs in the JXTA and sFlow
dissectors could make Ethereal crash.

Updated Packages

Mandrakelinux 10.0

 fb966151e94dac463d403f350fb00fa7  10.0/RPMS/ethereal-0.10.10-0.1.100mdk.i586.rpm
b7c41bee5ad00b0b404e2981c561c4ec  10.0/SRPMS/ethereal-0.10.10-0.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

 7d3efb484e1b370b13d506114bc0407c  amd64/10.0/RPMS/ethereal-0.10.10-0.1.100mdk.amd64.rpm
b7c41bee5ad00b0b404e2981c561c4ec  amd64/10.0/SRPMS/ethereal-0.10.10-0.1.100mdk.src.rpm

Mandrakelinux 10.1

 6d32ba4fec2e8f9619244c17295ede7e  10.1/RPMS/ethereal-0.10.10-0.1.101mdk.i586.rpm
89a0d8446a64927232a36c2971eef4c8  10.1/RPMS/ethereal-tools-0.10.10-0.1.101mdk.i586.rpm
c11201abc7040579f35b68c2b29edaee  10.1/RPMS/libethereal0-0.10.10-0.1.101mdk.i586.rpm
a867076452de57b9536260e646b27209  10.1/RPMS/tethereal-0.10.10-0.1.101mdk.i586.rpm
383c4e2a2a2fec1574c63a1eaeb658c5  10.1/SRPMS/ethereal-0.10.10-0.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 ca5d62812d64b98898c9582907aee602  x86_64/10.1/RPMS/ethereal-0.10.10-0.1.101mdk.x86_64.rpm
27f88f8e04f78f470ce4579183cbc0c6  x86_64/10.1/RPMS/ethereal-tools-0.10.10-0.1.101mdk.x86_64.rpm
155e92c6ef477eb93132107ef7146083  x86_64/10.1/RPMS/lib64ethereal0-0.10.10-0.1.101mdk.x86_64.rpm
4eb06c4832cc4490ea000e4d0ff60f7b  x86_64/10.1/RPMS/tethereal-0.10.10-0.1.101mdk.x86_64.rpm
383c4e2a2a2fec1574c63a1eaeb658c5  x86_64/10.1/SRPMS/ethereal-0.10.10-0.1.101mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0739
http://www.ethereal.com/appnotes/enpa-sa-00018.html

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.