Sicherheit: Mehrere Probleme in ethereal

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: ethereal
Advisory ID: MDKSA-2005:013
Date: January 24th, 2005

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

A number of vulnerabilities were found in Ethereal, all of which are
fixed in version 0.10.9: The COPS dissector could go into an infinite
loop (CAN-2005-0006); the DLSw dissector could cause an assertion,
making Ethereal exit prematurely (CAN-2005-0007); the DNP dissector
could cause memory corruption (CAN-2005-0008); the Gnutella dissector
could cause an assertion, making Ethereal exit prematurely
(CAN-2005-0009); the MMSE dissector could free static memory
(CAN-2005-0010); and the X11 protocol dissector is vulnerable to a
string buffer overflow (CAN-2005-0084).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0084
http://www.ethereal.com/appnotes/enpa-sa-00017.html
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
c74b93a5f05c68eb7845c6d3a05d7ab5
10.0/RPMS/ethereal-0.10.9-0.1.100mdk.i586.rpm
bbdcd41fe80851a0248c8606f0f0ddba
10.0/SRPMS/ethereal-0.10.9-0.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
3ab0b6691827a4d228b2696efda24de1
amd64/10.0/RPMS/ethereal-0.10.9-0.1.100mdk.amd64.rpm
bbdcd41fe80851a0248c8606f0f0ddba
amd64/10.0/SRPMS/ethereal-0.10.9-0.1.100mdk.src.rpm

Mandrakelinux 10.1:
72d299832f7340c675f9cf89aaad555f
10.1/RPMS/ethereal-0.10.9-0.1.101mdk.i586.rpm
646de9ee68b10dba30c6f7f0b9989f7d
10.1/RPMS/ethereal-tools-0.10.9-0.1.101mdk.i586.rpm
48cb5ca4befde405416a9aa7c19b5556
10.1/RPMS/libethereal0-0.10.9-0.1.101mdk.i586.rpm
c3d5c5d06f7afd1e23f06f682188c03e
10.1/RPMS/tethereal-0.10.9-0.1.101mdk.i586.rpm
87e639367056153d74db172ebb8ca897
10.1/SRPMS/ethereal-0.10.9-0.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
f8852108acdeb991a2a2c06e225863d9
x86_64/10.1/RPMS/ethereal-0.10.9-0.1.101mdk.x86_64.rpm
3ee69f3876a7741ddeb8a79ac2229fb7
x86_64/10.1/RPMS/ethereal-tools-0.10.9-0.1.101mdk.x86_64.rpm
edb8a0f7523320df5f30db3e872ef139
x86_64/10.1/RPMS/lib64ethereal0-0.10.9-0.1.101mdk.x86_64.rpm
6cf8367b84d5508cdaaa96e59f973ce8
x86_64/10.1/RPMS/tethereal-0.10.9-0.1.101mdk.x86_64.rpm
87e639367056153d74db172ebb8ca897
x86_64/10.1/SRPMS/ethereal-0.10.9-0.1.101mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB9WN6mqjQ0CJFipgRAqG4AKDti9Fj1khxPj88qvxE0gCmVRJA5gCfQ8KW
S0Z/tQAWhZM8zLyl08Is5Jo=
=Ymy9
-----END PGP SIGNATURE-----

____________________________________________________
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________