Package name
ethereal
Date
2005-10-26
Advisory ID
MDKSA-2005:193-1
Affected versions
2006.0 i586, 10.2 i586, 10.2 x86_64, 2006.0 x86_64

Problem description

Ethereal 0.10.13 is now available, fixing a number of security
vulnerabilities in various dissectors:

- the ISAKMP dissector could exhaust system memory
- the FC-FCS dissector could exhaust system memory
- the RSVP dissector could exhaust system memory
- the ISIS LSP dissector could exhaust system memory
- the IrDA dissector could crash
- the SLIMP3 dissector could overflow a buffer
- the BER dissector was susceptible to an infinite loop
- the SCSI dissector could dereference a null pointer and crash
- the sFlow dissector could dereference a null pointer and crash
- the RTnet dissector could dereference a null pointer and crash
- the SigComp UDVM could go into an infinite loop or crash
- the X11 dissector could attempt to divide by zero
- if SMB transaction payload reassembly is enabled the SMB dissector
could crash (by default this is disabled)
- if the "Dissect unknown RPC program numbers" option was enabled, the
ONC RPC dissector might be able to exhaust system memory (by default
this is disabled)
- the AgentX dissector could overflow a buffer
- the WSP dissector could free an invalid pointer
- iDEFENSE discovered a buffer overflow in the SRVLOC dissector

The new version of Ethereal is provided and corrects all of these
issues.

Update:

An infinite loop in the IRC dissector was also discovered and fixed
after the 0.10.13 release. The updated packages include the fix.

Updated packages

2006.0 i586

 993d95642384bf74c9ed2f7279caa3b2  2006.0/RPMS/ethereal-0.10.13-0.2.20060mdk.i586.rpm
 a8cb961f3fee116724f8af4ce64f8244  2006.0/RPMS/ethereal-tools-0.10.13-0.2.20060mdk.i586.rpm
 ef572149f1c053ddcf47afa4c704ca58  2006.0/RPMS/libethereal0-0.10.13-0.2.20060mdk.i586.rpm
 21d6112631fa025e0b01b2fe7698aada  2006.0/RPMS/tethereal-0.10.13-0.2.20060mdk.i586.rpm
 04595febee4cf49a9e851563ef8975c9  2006.0/SRPMS/ethereal-0.10.13-0.2.20060mdk.src.rpm

10.2 i586

 30d68fb7d3dd3e10f99ce0e4067e29e3  10.2/RPMS/ethereal-0.10.13-0.2.102mdk.i586.rpm
 ee195abe7f3fd9abe3db39cd3b497a8c  10.2/RPMS/ethereal-tools-0.10.13-0.2.102mdk.i586.rpm
 8930ea673040d37f41ad955412ba3623  10.2/RPMS/libethereal0-0.10.13-0.2.102mdk.i586.rpm
 3bc4bd7208feaf92f77f3a83b0f3281b  10.2/RPMS/tethereal-0.10.13-0.2.102mdk.i586.rpm
 7fe65f07557a9dcb662eb1b6967ce31f  10.2/SRPMS/ethereal-0.10.13-0.2.102mdk.src.rpm

10.2 x86_64

 cb69d27d896a19a03fe1c05effffe98d  x86_64/10.2/RPMS/ethereal-0.10.13-0.2.102mdk.x86_64.rpm
 28dca424f2fdef25ab9b5f2115c7b577  x86_64/10.2/RPMS/ethereal-tools-0.10.13-0.2.102mdk.x86_64.rpm
 b47935d8d59d817e69b54d2487e12445  x86_64/10.2/RPMS/lib64ethereal0-0.10.13-0.2.102mdk.x86_64.rpm
 e717805302885ba4af36a16768f93668  x86_64/10.2/RPMS/tethereal-0.10.13-0.2.102mdk.x86_64.rpm
 7fe65f07557a9dcb662eb1b6967ce31f  x86_64/10.2/SRPMS/ethereal-0.10.13-0.2.102mdk.src.rpm

2006.0 x86_64

 a1af50cf48c2d44c44b0068ee265609f  x86_64/2006.0/RPMS/ethereal-0.10.13-0.2.20060mdk.x86_64.rpm
 c4c26c4bcd136c8a8d540c62e51ba8f5  x86_64/2006.0/RPMS/ethereal-tools-0.10.13-0.2.20060mdk.x86_64.rpm
 fc393647ae421ef0e9b60967bc22b65e  x86_64/2006.0/RPMS/lib64ethereal0-0.10.13-0.2.20060mdk.x86_64.rpm
 ca89deabfae41880a7e37e6e70451caf  x86_64/2006.0/RPMS/tethereal-0.10.13-0.2.20060mdk.x86_64.rpm
 04595febee4cf49a9e851563ef8975c9  x86_64/2006.0/SRPMS/ethereal-0.10.13-0.2.20060mdk.src.rpm
