---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-040
2003-12-18
---------------------------------------------------------------------

Name        : ethereal
Version     : 0.10.0a
Release     : 0.1
Summary     : Network traffic analyzer
Description : Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.

---------------------------------------------------------------------
Update Information:

 Serious issues have been discovered in the following protocol dissectors:

    * Selecting "Match->Selected" or "Prepare->Selected" for a malformed SMB packet could cause a segmentation fault.
    * It is possible for the Q.931 dissector to dereference a null pointer when reading a malformed packet.

Impact:

Both vulnerabilities will make the Ethereal application crash. The Q.931 vulnerability also affects Tethereal. It is not known if either vulnerability can be used to make Ethereal or Tethereal run arbitrary code.

Resolution:

Upgrade to 0.10.0.

If you are running a version prior to 0.10.0 and you cannot upgrade, you can disable the SMB and Q.931 protocol dissectors by selecting Edit->Protocols... and deselecting them from the list.
---------------------------------------------------------------------
* Wed Dec 17 2003 Phil Knirsch <pknirsch@redhat.com> 0.10.0a-0.1

- Update to latest upstream version 0.10.0a
- Fixed plugins problem.


---------------------------------------------------------------------
This update can be downloaded from:
    

5ac28be19cc9b3113b6c339aed1c5f33  SRPMS/ethereal-0.10.0a-0.1.src.rpm
5e295a50ac358b0edd4828d39da04a9e  i386/ethereal-0.10.0a-0.1.i386.rpm
8b0add410bf1e84f44f1e93c91a29596  i386/ethereal-gnome-0.10.0a-0.1.i386.rpm
0cf3428ab5d3ec2fdf8b415d79b5d9db i386/debug/ethereal-debuginfo-0.10.0a-0.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

-- 
Philipp Knirsch      | Tel.:  +49-711-96437-470
Development          | Fax.:  +49-711-96437-111
Red Hat GmbH         | Email: Phil Knirsch <phil@redhat.de>
Hauptstaetterstr. 58 | Web:    Red Hat DACH-Region
D-70178 Stuttgart
Motd:  You're only jealous cos the little penguins are talking to me.


-- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com 
fedora-announce-list Info Page

Fedora: etherial Multiple malformed packet vulerabilities

December 19, 2003
Both vulnerabilities will make the Ethereal application crash

Summary

This package lays base for libpcap, a packet capture and filtering

library, contains command-line utilities, contains plugins and

documentation for ethereal. A graphical user interface is packaged

separately to GTK+ package.

Update Information:

Serious issues have been discovered in the following protocol dissectors:

* Selecting "Match->Selected" or "Prepare->Selected" for a malformed SMB packet could cause a segmentation fault. * It is possible for the Q.931 dissector to dereference a null pointer when reading a malformed packet.

Impact:

Both vulnerabilities will make the Ethereal application crash. The Q.931 vulnerability also affects Tethereal. It is not known if either vulnerability can be used to make Ethereal or Tethereal run arbitrary code.

Resolution:

Upgrade to 0.10.0.

If you are running a version prior to 0.10.0 and you cannot upgrade, you can disable the SMB and Q.931 protocol dissectors by selecting Edit->Protocols... and deselecting them from the list. * Wed Dec 17 2003 Phil Knirsch <pknirsch@redhat.com> 0.10.0a-0.1

- Update to latest upstream version 0.10.0a - Fixed plugins problem.


This update can be downloaded from:


5ac28be19cc9b3113b6c339aed1c5f33 SRPMS/ethereal-0.10.0a-0.1.src.rpm...

Read the Full Advisory

Change Log

References

Fedora Update Notification FEDORA-2003-040 2003-12-18 Name : ethereal Version : 0.10.0a Release : 0.1 Summary : Network traffic analyzer Description : Ethereal is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for ethereal. A graphical user interface is packaged separately to GTK+ package.

Update Instructions

Severity
Name : ethereal
Version : 0.10.0a
Release : 0.1
Summary : Network traffic analyzer

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved