| Problem Description |
A number of vulnerabilities were discovered in previous versions of
Ethereal that have been fixed in the 0.10.11 release, including:
- The ANSI A and DHCP dissectors are vulnerable to format string
vulnerabilities.
- The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP,
PKIX1Explicit, PKIX Qualified, X.509, Q.931, MEGACO, NCP, ISUP, TCAP
and Presentation dissectors are vulnerable to buffer overflows.
- The KINK, WSP, SMB Mailslot, H.245, MGCP, Q.931, RPC, GSM and SMB
NETLOGON dissectors are vulnerable to pointer handling errors.
- The LMP, KINK, MGCP, RSVP, SRVLOC, EIGRP, MEGACO, DLSw, NCP and
L2TP dissectors are vulnerable to looping problems.
- The Telnet and DHCP dissectors could abort.
- The TZSP, Bittorrent, SMB, MGCP and ISUP dissectors could cause a
segmentation fault.
- The WSP, 802.3 Slow protocols, BER, SMB Mailslot, SMB, NDPS, IAX2,
RADIUS, SMB PIPE, MRDISC and TCAP dissectors could throw assertions.
- The DICOM, NDPS and ICEP dissectors are vulnerable to memory
handling errors.
- The GSM MAP, AIM, Fibre Channel, SRVLOC, NDPS, LDAP and NTLMSSP
dissectors could terminate abnormally.
| Updated Packages |
Mandrakelinux 10.1
ae2866749c7a3ceebbd6550ef5a29154 10.1/RPMS/ethereal-0.10.11-0.1.101mdk.i586.rpm
7a27b1b13fd7b9232f078f3c803863c8 10.1/RPMS/ethereal-tools-0.10.11-0.1.101mdk.i586.rpm
b32725663f41c817169c650c04dff15e 10.1/RPMS/libethereal0-0.10.11-0.1.101mdk.i586.rpm
f995c192659c93c5a77d12ff0dfb74e3 10.1/RPMS/tethereal-0.10.11-0.1.101mdk.i586.rpm
0d2e9e9478b964b9de67e10dab5996d7 10.1/SRPMS/ethereal-0.10.11-0.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64
a6fdb42381866c6c2df04732a0e2e2f0 x86_64/10.1/RPMS/ethereal-0.10.11-0.1.101mdk.x86_64.rpm
285be2e4fff2cec54772d08daf994c0f x86_64/10.1/RPMS/ethereal-tools-0.10.11-0.1.101mdk.x86_64.rpm
a672830433d1bd9c044d081116311406 x86_64/10.1/RPMS/lib64ethereal0-0.10.11-0.1.101mdk.x86_64.rpm
da5bb65a0ac86ad8510c9c82c6c3c798 x86_64/10.1/RPMS/tethereal-0.10.11-0.1.101mdk.x86_64.rpm
0d2e9e9478b964b9de67e10dab5996d7 x86_64/10.1/SRPMS/ethereal-0.10.11-0.1.101mdk.src.rpm
Mandriva Linux LE2005
f6d236307d9366150aa2cf900b77ad4b 10.2/RPMS/ethereal-0.10.11-0.1.102mdk.i586.rpm
e146cf60690d907aaeb569f59cde8e37 10.2/RPMS/ethereal-tools-0.10.11-0.1.102mdk.i586.rpm
a6ee5615d66e5b33ffe05270069fa921 10.2/RPMS/libethereal0-0.10.11-0.1.102mdk.i586.rpm
fa4398c9e4947faff78750b289ee922c 10.2/RPMS/tethereal-0.10.11-0.1.102mdk.i586.rpm
0b13985c69b63df65775240b8991c07e 10.2/SRPMS/ethereal-0.10.11-0.1.102mdk.src.rpm
Mandriva Linux LE2005/X86_64
7c9dc07574f92df6e3920da6c1320cfb x86_64/10.2/RPMS/ethereal-0.10.11-0.1.102mdk.x86_64.rpm
5684d61528aa353ee5ce58d8c99317f9 x86_64/10.2/RPMS/ethereal-tools-0.10.11-0.1.102mdk.x86_64.rpm
ce979043e16801b2b4565fb2dae4e18f x86_64/10.2/RPMS/lib64ethereal0-0.10.11-0.1.102mdk.x86_64.rpm
1e5af06f5eb143a956fd3a0ee88109e0 x86_64/10.2/RPMS/tethereal-0.10.11-0.1.102mdk.x86_64.rpm
0b13985c69b63df65775240b8991c07e x86_64/10.2/SRPMS/ethereal-0.10.11-0.1.102mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1470
http://www.ethereal.com/appnotes/enpa-sa-00019.html
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of the MD5 checksum and GPG signature is performed automatically for you.
