drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in ethereal (Fedora Core 1)
| Name: |
Mehrere Probleme in ethereal (Fedora Core 1)
|
|
| ID: |
FEDORA-2004-219 |
|
| Distribution: |
Fedora |
|
| Plattformen: |
Fedora Core 1 |
|
| Datum: |
Fr, 16. Juli 2004, 13:00 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0635 |
|
| Applikationen: |
Wireshark |
|
Originalnachricht |
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-219
2004-07-14
---------------------------------------------------------------------
Product : Fedora Core 1
Name : ethereal
Version : 0.10.5
Release : 0.1.1
Summary : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.
This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.
---------------------------------------------------------------------
Update Information:
Issues have been discovered in the following protocol dissectors:
* The iSNS dissector could make Ethereal abort in some cases.
(0.10.3 - 0.10.4) CAN-2004-0633
* SMB SID snooping could crash if there was no policy name for a
handle. (0.9.15 - 0.10.4) CAN-2004-0634
* The SNMP dissector could crash due to a malformed or missing
community string. (0.8.15 - 0.10.4) CAN-2004-0635
Impact:
It may be possible to make Ethereal crash or run arbitrary code by
injecting a purposefully malformed packet onto the wire or by convincing
someone to read a malformed packet trace file.
Resolution:
Upgrade to 0.10.5.
If you are running a version prior to 0.10.5 and you cannot upgrade, you
can disable all of the protocol dissectors listed above by selecting
Analyze->Enabled Protocols... and deselecting them from the list. For
SMB, you can alternatively disable SID snooping in the SMB protocol
preferences. However, it is strongly recommended that you upgrade to
0.10.5.
---------------------------------------------------------------------
* Fri Jul 09 2004 Phil Knirsch <pknirsch@redhat.com> 0.10.5-0.1.1
- Update to ethereal-0.10.5 for various security bugfixes.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
9751b92c7bdefaaf6745b034c8e3204e SRPMS/ethereal-0.10.5-0.1.1.src.rpm
34c62134a742a1fce28a37266f0a8e7c x86_64/ethereal-0.10.5-0.1.1.x86_64.rpm
b002b7b82e68596c972c062b3ad95f9e
x86_64/ethereal-gnome-0.10.5-0.1.1.x86_64.rpm
4710db2e7d93cf0e9e7ddb3d4ab20d4b
x86_64/debug/ethereal-debuginfo-0.10.5-0.1.1.x86_64.rpm
ecc5eab62824dc34c8de6c4f12a8b8bf i386/ethereal-0.10.5-0.1.1.i386.rpm
1c5004476fe460260699f713cee0ca3a i386/ethereal-gnome-0.10.5-0.1.1.i386.rpm
ae8b276396b0312aa29d032b5f24fd2a
i386/debug/ethereal-debuginfo-0.10.5-0.1.1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
Philipp Knirsch | Tel.: +49-711-96437-470
Development | Fax.: +49-711-96437-111
Red Hat GmbH | Email: Phil Knirsch <phil@redhat.de>
Hauptstaetterstr. 58 | Web: http://www.redhat.de/
D-70178 Stuttgart
Motd: You're only jealous cos the little penguins are talking to me.
--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
|
|
|
|
