Security: Multiple issues in ethereal
Name: Multiple issues in ethereal
ID: FEDORA-2006-461
Distribution: Fedora
Platforms: Fedora Core 4
Date: Wed, 26 April 2006, 17:06
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1940
Applications: Wireshark

Original message
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-461
2006-04-26
---------------------------------------------------------------------
Product     : Fedora Core 4
Name        : ethereal
Version     : 0.99.0
Release     : fc4.1
Summary     : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.
This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for ethereal. A graphical user interface is packaged separately to GTK+ package.
---------------------------------------------------------------------
Update Information:
Many security vulnerabilities have been fixed since the previous release.
* The H.248 dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937
* The UMA dissector could go into an infinite loop. Versions affected: 0.10.12 - 0.10.14. CVE: CVE-2006-1933
* The X.509if dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937
* The SRVLOC dissector could crash. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1937
* The H.245 dissector could crash. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1937
* Ethereal's OID printing routine was susceptible to an off-by-one error. Versions affected: 0.10.14. CVE: CVE-2006-1932
* The COPS dissector could overflow a buffer. Versions affected: 0.9.15 - 0.10.14. CVE: CVE-2006-1935
* The ALCAP dissector could overflow a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934
Under a grant funded by the U.S. Department of Homeland Security, Coverity has uncovered a number of vulnerabilities in Ethereal:
* The statistics counter could crash Ethereal. Versions affected: 0.10.10 - 0.10.14. CVE: CVE-2006-1937
* Ethereal could crash while reading a malformed Sniffer capture. Versions affected: 0.8.12 - 0.10.14. CVE: CVE-2006-1938
* An invalid display filter could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939
* The general packet dissector could crash Ethereal. Versions affected: 0.10.9 - 0.10.14. CVE: CVE-2006-1937
* The AIM dissector could crash Ethereal. Versions affected: 0.10.7 - 0.10.14. CVE: CVE-2006-1937
* The RPC dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE: CVE-2006-1939
* The DCERPC dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939
* The ASN.1 dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE: CVE-2006-1939
* The SMB PIPE dissector could crash Ethereal. Versions affected: 0.8.20 - 0.10.14. CVE: CVE-2006-1938
* The BER dissector could loop excessively. Versions affected: 0.10.4 - 0.10.14. CVE: CVE-2006-1933
* The SNDCP dissector could abort. Versions affected: 0.10.4 - 0.10.14. CVE: CVE-2006-1940
* The Network Instruments file code could overrun a buffer. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1934
* The NetXray/Windows Sniffer file code could overrun a buffer. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1934
* The GSM SMS dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939
* The ALCAP dissector could overrun a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934
* The telnet dissector could overrun a buffer. Versions affected: 0.8.5 - 0.10.14. CVE: CVE-2006-1936
* ASN.1-based dissectors could crash Ethereal. Versions affected: 0.9.10 - 0.10.14. CVE: CVE-2006-1939
* The H.248 dissector could crash Ethereal. Versions affected: 0.10.11 - 0.10.14. CVE: CVE-2006-1937
* The DCERPC NT dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939
* The PER dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939
---------------------------------------------------------------------
* Tue Apr 25 2006 Radek Vokál <rvokal@redhat.com> 0.99.0-fc4.1
- update to 0.99.0
- fix segfault when rearranging columns
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
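To triage hosts still running an older build, the "Versions affected" ranges in the list above can be parsed and matched against an installed upstream version. The following is an added example, not part of the Fedora notification or any Fedora tool; the function names are hypothetical, the sample is a subset of the advisory's own bullet lines, and only the upstream version is compared, not the RPM release.

```python
import re

# Bullet lines copied from the advisory above (a subset, to keep the sample short).
ADVISORY = """\
* The UMA dissector could go into an infinite loop. Versions affected: 0.10.12 - 0.10.14. CVE: CVE-2006-1933
* Ethereal's OID printing routine was susceptible to an off-by-one error. Versions affected: 0.10.14. CVE: CVE-2006-1932
* The COPS dissector could overflow a buffer. Versions affected: 0.9.15 - 0.10.14. CVE: CVE-2006-1935
* Ethereal could crash while reading a malformed Sniffer capture. Versions affected: 0.8.12 - 0.10.14. CVE: CVE-2006-1938
* The telnet dissector could overrun a buffer. Versions affected: 0.8.5 - 0.10.14. CVE: CVE-2006-1936
"""

ENTRY = re.compile(
    r"^\*\s*(?P<desc>.+?)\s+Versions affected:\s*"
    r"(?P<lo>\d+(?:\.\d+)*)(?:\s*-\s*(?P<hi>\d+(?:\.\d+)*))?\.\s*"
    r"CVE:\s*(?P<cve>CVE-\d{4}-\d+)",
    re.MULTILINE,
)

def vtuple(version):
    """'0.10.14' -> (0, 10, 14), so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))

def parse_advisory(text):
    """Return one dict per bullet: description, inclusive version range, CVE id."""
    entries = []
    for m in ENTRY.finditer(text):
        lo = vtuple(m["lo"])
        hi = vtuple(m["hi"]) if m["hi"] else lo  # single version: lo == hi
        entries.append({"desc": m["desc"], "lo": lo, "hi": hi, "cve": m["cve"]})
    return entries

def affected_by(installed, entries):
    """Entries whose affected range contains the installed upstream version."""
    v = vtuple(installed)
    return [e for e in entries if e["lo"] <= v <= e["hi"]]

def cves_for(installed, text=ADVISORY):
    """Sorted, de-duplicated CVE ids that apply to the installed version."""
    return sorted({e["cve"] for e in affected_by(installed, parse_advisory(text))})

if __name__ == "__main__":
    for version in ("0.9.2", "0.10.13", "0.10.14", "0.99.0"):
        print(version, cves_for(version) or "not in any listed range")
```

Comparing versions as integer tuples matters here: as plain strings, "0.9.2" sorts after "0.10.14" and would fall outside every range.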