Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in ethereal
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in ethereal
ID: MDKSA-2005:193-1
Distribution: Mandriva
Plattformen: Mandriva 10.2, Mandriva 2006.0
Datum: Di, 1. November 2005, 17:49
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3249
http://www.ethereal.com/appnotes/enpa-sa-00021.html
Applikationen: Wireshark

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1130363859-24125-3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                       MDKSA-2005:193-1
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ethereal
 Date    : October 26, 2005
 Affected: 10.2, 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Ethereal 0.10.13 is now available fixing a number of security
 vulnerabilities in various dissectors:
 
 - the ISAKMP dissector could exhaust system memory
 - the FC-FCS dissector could exhaust system memory
 - the RSVP dissector could exhaust system memory
 - the ISIS LSP dissector could exhaust system memory
 - the IrDA dissector could crash
 - the SLIMP3 dissector could overflow a buffer
 - the BER dissector was susceptible to an infinite loop
 - the SCSI dissector could dereference a null pointer and crash
 - the sFlow dissector could dereference a null pointer and crash
 - the RTnet dissector could dereference a null pointer and crash
 - the SigComp UDVM could go into an infinite loop or crash
 - the X11 dissector could attempt to divide by zero
 - if SMB transaction payload reassembly is enabled the SMB dissector
   could crash (by default this is disabled)
 - if the "Dissect unknown RPC program numbers" option was enabled, the
   ONC RPC dissector might be able to exhaust system memory (by default
   this is disabled)
 - the AgentX dissector could overflow a buffer
 - the WSP dissector could free an invalid pointer
 - iDEFENSE discovered a buffer overflow in the SRVLOC dissector
 
 The new version of Ethereal is provided and corrects all of these
 issues.

 Update:

 An infinite loop in the IRC dissector was also discovered and fixed
 after the 0.10.13 release.  The updated packages include the fix.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3241
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3242
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3243
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3244
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3245
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3246
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3247
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3248
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3249
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3184
 http://www.ethereal.com/appnotes/enpa-sa-00021.html
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:
 30d68fb7d3dd3e10f99ce0e4067e29e3 
 10.2/RPMS/ethereal-0.10.13-0.2.102mdk.i586.rpm
 ee195abe7f3fd9abe3db39cd3b497a8c 
 10.2/RPMS/ethereal-tools-0.10.13-0.2.102mdk.i586.rpm
 8930ea673040d37f41ad955412ba3623 
 10.2/RPMS/libethereal0-0.10.13-0.2.102mdk.i586.rpm
 3bc4bd7208feaf92f77f3a83b0f3281b 
 10.2/RPMS/tethereal-0.10.13-0.2.102mdk.i586.rpm
 7fe65f07557a9dcb662eb1b6967ce31f 
 10.2/SRPMS/ethereal-0.10.13-0.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 cb69d27d896a19a03fe1c05effffe98d 
 x86_64/10.2/RPMS/ethereal-0.10.13-0.2.102mdk.x86_64.rpm
 28dca424f2fdef25ab9b5f2115c7b577 
 x86_64/10.2/RPMS/ethereal-tools-0.10.13-0.2.102mdk.x86_64.rpm
 b47935d8d59d817e69b54d2487e12445 
 x86_64/10.2/RPMS/lib64ethereal0-0.10.13-0.2.102mdk.x86_64.rpm
 e717805302885ba4af36a16768f93668 
 x86_64/10.2/RPMS/tethereal-0.10.13-0.2.102mdk.x86_64.rpm
 7fe65f07557a9dcb662eb1b6967ce31f 
 x86_64/10.2/SRPMS/ethereal-0.10.13-0.2.102mdk.src.rpm

 Mandriva Linux 2006.0:
 993d95642384bf74c9ed2f7279caa3b2 
 2006.0/RPMS/ethereal-0.10.13-0.2.20060mdk.i586.rpm
 a8cb961f3fee116724f8af4ce64f8244 
 2006.0/RPMS/ethereal-tools-0.10.13-0.2.20060mdk.i586.rpm
 ef572149f1c053ddcf47afa4c704ca58 
 2006.0/RPMS/libethereal0-0.10.13-0.2.20060mdk.i586.rpm
 21d6112631fa025e0b01b2fe7698aada 
 2006.0/RPMS/tethereal-0.10.13-0.2.20060mdk.i586.rpm
 04595febee4cf49a9e851563ef8975c9 
 2006.0/SRPMS/ethereal-0.10.13-0.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 a1af50cf48c2d44c44b0068ee265609f 
 x86_64/2006.0/RPMS/ethereal-0.10.13-0.2.20060mdk.x86_64.rpm
 c4c26c4bcd136c8a8d540c62e51ba8f5 
 x86_64/2006.0/RPMS/ethereal-tools-0.10.13-0.2.20060mdk.x86_64.rpm
 fc393647ae421ef0e9b60967bc22b65e 
 x86_64/2006.0/RPMS/lib64ethereal0-0.10.13-0.2.20060mdk.x86_64.rpm
 ca89deabfae41880a7e37e6e70451caf 
 x86_64/2006.0/RPMS/tethereal-0.10.13-0.2.20060mdk.x86_64.rpm
 04595febee4cf49a9e851563ef8975c9 
 x86_64/2006.0/SRPMS/ethereal-0.10.13-0.2.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDX/V7mqjQ0CJFipgRAgJzAKCS/Qu4ySCH+ysIjUWnVwldSLMcPQCfSe9j
cLKewlLPlR86eNfiWtUkavg=
=Ofo7
-----END PGP SIGNATURE-----

------------=_1130363859-24125-3
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1130363859-24125-3--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung