[SECURITY] Fedora Core 5 Update: ethereal-0.99.0-fc5.1

Radek Vokal rvokal at redhat.com
Tue Apr 25 15:55:22 UTC 2006 

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-456
2006-04-25
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : ethereal
Version     : 0.99.0                      
Release     : fc5.1                  
Summary     : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.

---------------------------------------------------------------------
Update Information:

 Many security vulnerabilities have been fixed since the
previous release.

    * The H.248 dissector could crash. Versions affected:
0.10.14.
      CVE: CVE-2006-1937

    * The UMA dissector could go into an infinite loop.
Versions affected: 0.10.12 - 0.10.14.
      CVE: CVE-2006-1933

    * The X.509if dissector could crash. Versions affected:
0.10.14.
      CVE: CVE-2006-1937

    * The SRVLOC dissector could crash. Versions affected:
0.10.0 - 0.10.14.
      CVE: CVE-2006-1937

    * The H.245 dissector could crash. Versions affected:
0.10.13 - 0.10.14.
      CVE: CVE-2006-1937

    * Ethereal's OID printing routine was susceptible to an
off-by-one error. Versions affected: 0.10.14.
      CVE: CVE-2006-1932

    * The COPS dissector could overflow a buffer. Versions
affected: 0.9.15 - 0.10.14.
      CVE: CVE-2006-1935

    * The ALCAP dissector could overflow a buffer. Versions
affected: 0.10.14.
      CVE: CVE-2006-1934 

Under a grant funded by the U.S. Department of Homeland
Security, Coverity has uncovered a number of vulnerabilities
in Ethereal:

    * The statistics counter could crash Ethereal. Versions
affected: 0.10.10 - 0.10.14.
      CVE: CVE-2006-1937

    * Ethereal could crash while reading a malformed Sniffer
capture. Versions affected: 0.8.12 - 0.10.14.
      CVE: CVE-2006-1938

    * An invalid display filter could crash Ethereal.
Versions affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The general packet dissector could crash Ethereal.
Versions affected: 0.10.9 - 0.10.14.
      CVE: CVE-2006-1937

    * The AIM dissector could crash Ethereal. Versions
affected: 0.10.7 - 0.10.14.
      CVE: CVE-2006-1937

    * The RPC dissector could crash Ethereal. Versions
affected: 0.9.8 - 0.10.14.
      CVE: CVE-2006-1939

    * The DCERPC dissector could crash Ethereal. Versions
affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The ASN.1 dissector could crash Ethereal. Versions
affected: 0.9.8 - 0.10.14.
      CVE: CVE-2006-1939

    * The SMB PIPE dissector could crash Ethereal. Versions
affected: 0.8.20 - 0.10.14.
      CVE: CVE-2006-1938

    * The BER dissector could loop excessively. Versions
affected: 0.10.4 - 0.10.14.
      CVE: CVE-2006-1933

    * The SNDCP dissector could abort. Versions affected:
0.10.4 - 0.10.14.
      CVE: CVE-2006-1940

    * The Network Instruments file code could overrun a
buffer. Versions affected: 0.10.0 - 0.10.14.
      CVE: CVE-2006-1934

    * The NetXray/Windows Sniffer file code could overrun a
buffer. Versions affected: 0.10.13 - 0.10.14.
      CVE: CVE-2006-1934

    * The GSM SMS dissector could crash Ethereal. Versions
affected: 0.9.16 - 0.10.14.
      CVE: CVE-2006-1939

    * The ALCAP dissector could overrun a buffer. Versions
affected: 0.10.14.
      CVE: CVE-2006-1934

    * The telnet dissector could overrun a buffer. Versions
affected: 0.8.5 - 0.10.14.
      CVE: CVE-2006-1936

    * ASN.1-based dissectors could crash Ethereal. Versions
affected: 0.9.10 - 0.10.14.
      CVE: CVE-2006-1939

    * The H.248 dissector could crash Ethereal. Versions
affected: 0.10.11 - 0.10.14.
      CVE: CVE-2006-1937

    * The DCERPC NT dissector could crash Ethereal. Versions
affected: 0.9.14 - 0.10.14.
      CVE: CVE-2006-1939

    * The PER dissector could crash Ethereal. Versions
affected: 0.9.14 - 0.10.14.
      CVE: CVE-2006-1939
---------------------------------------------------------------------
* Tue Apr 25 2006 Radek Vokál <rvokal at redhat.com> 0.99.0-fc5.1
- update to 0.99.0
* Tue Apr 25 2006 Radek Vokál <rvokal at redhat.com> 0.10.14-4
- fix crash when tuning columns (#189428)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

db2d1fa4854b097f2d5443b477219e2d07ab9242  SRPMS/ethereal-0.99.0-fc5.1.src.rpm
2a4443475f30970021161e5783fad691a3ca735c  ppc/ethereal-0.99.0-fc5.1.ppc.rpm
52d37a0046435d710470ec8b82365b9a7f11adb4  ppc/ethereal-gnome-0.99.0-fc5.1.ppc.rpm
b4fc06d09f40a9a2e860260985b08d3293f0923a  ppc/debug/ethereal-debuginfo-0.99.0-fc5.1.ppc.rpm
97b4d5d2d9102f738756941f8c11cbc0a297c10b  x86_64/ethereal-0.99.0-fc5.1.x86_64.rpm
f18308798b547d5ebdd6343b5e721f451462db1c  x86_64/ethereal-gnome-0.99.0-fc5.1.x86_64.rpm
289851bf8d2942a39bead770bda76b983606dbcc  x86_64/debug/ethereal-debuginfo-0.99.0-fc5.1.x86_64.rpm
558e4618167c0667502d032fc60389199511e692  i386/ethereal-0.99.0-fc5.1.i386.rpm
b0c8f0082befdfb6ecf8acdf5af575b30ad9b1de  i386/ethereal-gnome-0.99.0-fc5.1.i386.rpm
1c5dc98172f23708dd31e3dfaea056e45237e528  i386/debug/ethereal-debuginfo-0.99.0-fc5.1.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

More information about the announce mailing list