From security@linux-mandrake.com Mon Jan 24 16:38:44 2005
From: Mandrake Linux Security Team
To: full-disclosure@lists.netsys.com
Date: Mon, 24 Jan 2005 14:07:06 -0700
Subject: [Full-Disclosure] MDKSA-2005:013 - Updated ethereal packages fix multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           ethereal
 Advisory ID:            MDKSA-2005:013
 Date:                   January 24th, 2005

 Affected versions:      10.0, 10.1
 ______________________________________________________________________

 Problem Description:

 A number of vulnerabilities were found in Ethereal, all of which are
 fixed in version 0.10.9: The COPS dissector could go into an infinite
 loop (CAN-2005-0006); the DLSw dissector could cause an assertion,
 making Ethereal exit prematurely (CAN-2005-0007); the DNP dissector
 could cause memory corruption (CAN-2005-0008); the Gnutella dissector
 could cause an assertion, making Ethereal exit prematurely
 (CAN-2005-0009); the MMSE dissector could free static memory
 (CAN-2005-0010); and the X11 protocol dissector is vulnerable to a
 string buffer overflow (CAN-2005-0084).
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0006
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0007
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0008
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0009
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0010
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0084
  http://www.ethereal.com/appnotes/enpa-sa-00017.html
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.0:
 c74b93a5f05c68eb7845c6d3a05d7ab5  10.0/RPMS/ethereal-0.10.9-0.1.100mdk.i586.rpm
 bbdcd41fe80851a0248c8606f0f0ddba  10.0/SRPMS/ethereal-0.10.9-0.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 3ab0b6691827a4d228b2696efda24de1  amd64/10.0/RPMS/ethereal-0.10.9-0.1.100mdk.amd64.rpm
 bbdcd41fe80851a0248c8606f0f0ddba  amd64/10.0/SRPMS/ethereal-0.10.9-0.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 72d299832f7340c675f9cf89aaad555f  10.1/RPMS/ethereal-0.10.9-0.1.101mdk.i586.rpm
 646de9ee68b10dba30c6f7f0b9989f7d  10.1/RPMS/ethereal-tools-0.10.9-0.1.101mdk.i586.rpm
 48cb5ca4befde405416a9aa7c19b5556  10.1/RPMS/libethereal0-0.10.9-0.1.101mdk.i586.rpm
 c3d5c5d06f7afd1e23f06f682188c03e  10.1/RPMS/tethereal-0.10.9-0.1.101mdk.i586.rpm
 87e639367056153d74db172ebb8ca897  10.1/SRPMS/ethereal-0.10.9-0.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 f8852108acdeb991a2a2c06e225863d9  x86_64/10.1/RPMS/ethereal-0.10.9-0.1.101mdk.x86_64.rpm
 3ee69f3876a7741ddeb8a79ac2229fb7  x86_64/10.1/RPMS/ethereal-tools-0.10.9-0.1.101mdk.x86_64.rpm
 edb8a0f7523320df5f30db3e872ef139  x86_64/10.1/RPMS/lib64ethereal0-0.10.9-0.1.101mdk.x86_64.rpm
 6cf8367b84d5508cdaaa96e59f973ce8  x86_64/10.1/RPMS/tethereal-0.10.9-0.1.101mdk.x86_64.rpm
 87e639367056153d74db172ebb8ca897  x86_64/10.1/SRPMS/ethereal-0.10.9-0.1.101mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.
 The verification of md5 checksums and GPG signatures is performed
 automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB9WN6mqjQ0CJFipgRAqG4AKDti9Fj1khxPj88qvxE0gCmVRJA5gCfQ8KW
S0Z/tQAWhZM8zLyl08Is5Jo=
=Ymy9
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html