Package name: ethereal
Date: August 4th, 2005
Advisory ID: MDKSA-2005:131
Affected versions: 10.1, 10.2

Problem Description

A number of vulnerabilities were discovered in versions of Ethereal
prior to version 0.10.12, including:

The SMB dissector could overflow a buffer or exhaust memory
(CAN-2005-2365).

iDefense discovered that several dissectors are vulnerable to
format string overflows (CAN-2005-2367).

A number of other potential crash issues in various dissectors
have also been corrected.

This update provides Ethereal 0.10.12, which is not vulnerable to these
issues.

Updated Packages

Mandrakelinux 10.1

f6931a74612db92aa0d4615960214854  10.1/RPMS/ethereal-0.10.12-0.1.101mdk.i586.rpm
f8e815399aa508bf8d1fe03e19e3e8ef  10.1/RPMS/ethereal-tools-0.10.12-0.1.101mdk.i586.rpm
00383dd9ea00d5cde9b64d0d6f03efb0  10.1/RPMS/libethereal0-0.10.12-0.1.101mdk.i586.rpm
9bcdac91996cbbb02368c220b86de184  10.1/RPMS/tethereal-0.10.12-0.1.101mdk.i586.rpm
feacd9f7018da58e7ff3110c2c3a96f3  10.1/SRPMS/ethereal-0.10.12-0.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

f17ca7252e3face05e6228848385b203  x86_64/10.1/RPMS/ethereal-0.10.12-0.1.101mdk.x86_64.rpm
9b13e9b5b6320ea4eb9a83322f1a098f  x86_64/10.1/RPMS/ethereal-tools-0.10.12-0.1.101mdk.x86_64.rpm
d1d7606243229d77ab94632493ab5c12  x86_64/10.1/RPMS/lib64ethereal0-0.10.12-0.1.101mdk.x86_64.rpm
cf99953e73c3fb87fdca96fbb01e8897  x86_64/10.1/RPMS/tethereal-0.10.12-0.1.101mdk.x86_64.rpm
feacd9f7018da58e7ff3110c2c3a96f3  x86_64/10.1/SRPMS/ethereal-0.10.12-0.1.101mdk.src.rpm

Mandriva Linux LE2005

5397caa26eaaa2760d6cf2b7f88da399  10.2/RPMS/ethereal-0.10.12-0.1.102mdk.i586.rpm
7c8b866673c056603666296737e1938f  10.2/RPMS/ethereal-tools-0.10.12-0.1.102mdk.i586.rpm
6de8272b6bd220ef4acd91dd7f09620b  10.2/RPMS/libethereal0-0.10.12-0.1.102mdk.i586.rpm
b2a94687155df4359cc7b480d4a49e64  10.2/RPMS/tethereal-0.10.12-0.1.102mdk.i586.rpm
6af1afa58f0effe14bf02adbb3b3620a  10.2/SRPMS/ethereal-0.10.12-0.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

ffcfdc52a177e3cdc38457f9cda8ae6f  x86_64/10.2/RPMS/ethereal-0.10.12-0.1.102mdk.x86_64.rpm
1d4d5bc3bdb9412d5224bd54ba161ad3  x86_64/10.2/RPMS/ethereal-tools-0.10.12-0.1.102mdk.x86_64.rpm
cf7a1d7610c4443d1d2d1f2859bda528  x86_64/10.2/RPMS/lib64ethereal0-0.10.12-0.1.102mdk.x86_64.rpm
34d6fc3ecd5481dcdb8e1746c74d696f  x86_64/10.2/RPMS/tethereal-0.10.12-0.1.102mdk.x86_64.rpm
6af1afa58f0effe14bf02adbb3b3620a  x86_64/10.2/SRPMS/ethereal-0.10.12-0.1.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2367
http://www.ethereal.com/appnotes/enpa-sa-00020.html

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
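
For manual downloads, the checksum comparison can be scripted against the Updated Packages list above. The following is an added example, not part of the advisory or Mandriva's tooling. It assumes the list has been saved to a text file; `verify_rpms`, `demo` and `CHECKSIG` are hypothetical names, and the demo file names and contents are constructed.

```shell
#!/bin/sh
# Added example (not Mandriva tooling): check every *.rpm in a directory against
# "md5  path" lines pasted from an advisory's Updated Packages list.
# verify_rpms LISTFILE DIR: prints one status per RPM; returns 0 only if every
# RPM in DIR is listed and its MD5 matches. verify_rpms, demo and CHECKSIG are
# hypothetical names.
verify_rpms() {
    list=$1; dir=$2; rc=0; seen=0
    for file in "$dir"/*.rpm; do
        [ -f "$file" ] || continue
        seen=1; name=${file##*/}
        # Find the listed MD5 whose path ends in this file name. Headings and
        # blank lines are skipped: their first field is not 32 hex digits.
        want=$(awk -v n="$name" '
            length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
                b = $2; sub(/.*\//, "", b)
                if (b == n) { print $1; exit }
            }' "$list")
        got=$(md5sum < "$file" | cut -d" " -f1)
        if [ -z "$want" ]; then
            echo "UNLISTED $name"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $name"; rc=1
        elif [ "${CHECKSIG:-0}" = 1 ] && ! rpm --checksig "$file" >/dev/null; then
            # Opt-in signature check; needs rpm and the vendor's GPG key imported.
            echo "BADSIG   $name"; rc=1
        else
            echo "OK       $name"
        fi
    done
    [ "$seen" -eq 1 ] || { echo "no RPMs in $dir"; rc=1; }
    return "$rc"
}

# Constructed demo: two stand-in files, one matching its listed MD5, one altered.
demo() {
    d=$(mktemp -d) || return 2
    printf 'good bytes' > "$d/example-1.0-1mdk.i586.rpm"
    printf 'altered bytes' > "$d/example-tools-1.0-1mdk.i586.rpm"
    {
        echo "Constructed Linux 1.0"
        echo " $(printf 'good bytes' | md5sum | cut -d' ' -f1)  1.0/RPMS/example-1.0-1mdk.i586.rpm"
        echo "$(printf 'original bytes' | md5sum | cut -d' ' -f1)  1.0/RPMS/example-tools-1.0-1mdk.i586.rpm"
    } > "$d/advisory.txt"
    st=0; verify_rpms "$d/advisory.txt" "$d" || st=$?
    rm -rf "$d"
    return "$st"
}
```

The MD5 comparison only shows that a file matches what the advisory lists; the GPG signature checked by `rpm --checksig` is what ties the package to the Mandriva Security Team's key.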