Fedora Essential and Critical Security Patch Updates - Page 826

Fedora Core 5 Update: ethereal-0.99.0-fc5.1

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Many security vulnerabilities have been fixed since the previous release. * The H.248 dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937 * The UMA dissector could go into an infinite loop. Versions affected: 0.10.12 - 0.10.14. CVE: CVE-2006-1933 * The X.509if dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937 * The SRVLOC dissector could crash. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1937 * The H.245 dissector could crash. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1937 * Ethereal's OID printing routine was susceptible to an off-by-one error. Versions affected: 0.10.14. CVE: CVE-2006-1932 * The COPS dissector could overflow a buffer. Versions affected: 0.9.15 - 0.10.14. CVE: CVE-2006-1935 * The ALCAP dissector could overflow a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934 Under a grant funded by the U.S. Department of Homeland Security, Coverity has uncovered a number of vulnerabilities in Ethereal: * The statistics counter could crash Ethereal. Versions affected: 0.10.10 - 0.10.14. CVE: CVE-2006-1937 * Ethereal could crash while reading a malformed Sniffer capture. Versions affected: 0.8.12 - 0.10.14. CVE: CVE-2006-1938 * An invalid display filter could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939 * The general packet dissector could crash Ethereal. Versions affected: 0.10.9 - 0.10.14. CVE: CVE-2006-1937 * The AIM dissector could crash Ethereal. Versions affected: 0.10.7 - 0.10.14. CVE: CVE-2006-1937 * The RPC dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE: CVE-2006-1939 * The DCERPC dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939 * The ASN.1 dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE: CVE-2006-1939 * The SMB PIPE dissector could crash Ethereal. Versions affected: 0.8.20 - 0.10.14. CVE: CVE-2006-1938 * The BER dissector could loop excessively. Versions affected: 0.10.4 - 0.10.14. CVE: CVE-2006-1933 * The SNDCP dissector could abort. Versions affected: 0.10.4 - 0.10.14. CVE: CVE-2006-1940 * The Network Instruments file code could overrun a buffer. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1934 * The NetXray/Windows Sniffer file code could overrun a buffer. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1934 * The GSM SMS dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939 * The ALCAP dissector could overrun a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934 * The telnet dissector could overrun a buffer. Versions affected: 0.8.5 - 0.10.14. CVE: CVE-2006-1936 * ASN.1-based dissectors could crash Ethereal. Versions affected: 0.9.10 - 0.10.14. CVE: CVE-2006-1939 * The H.248 dissector could crash Ethereal. Versions affected: 0.10.11 - 0.10.14. CVE: CVE-2006-1937 * The DCERPC NT dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939 * The PER dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939

LinuxSecurity.com Team
Apr 25, 2006

Fedora Core 5 Update: cscope-15.5-13.3

Updated package.

LinuxSecurity.com Team
Apr 21, 2006

Fedora Core 4 Update: jwhois-3.2.3-3.3.fc4.1

Updates jwhois to 3.2.3 and updates the default configuration.

LinuxSecurity.com Team
Apr 21, 2006

Fedora Core 5 Update: gnome-user-share-0.9-4

Fixes login when using password.

LinuxSecurity.com Team
Apr 21, 2006

Fedora Core 5 Update: beagle-0.2.5-1.fc5.1

This upgrade to 0.2.5 fixes various bugs, including making the firefox extension work again. It also contains fixes for a minor security issue where you could inject command line argument into the indexer helpers.

LinuxSecurity.com Team
Apr 21, 2006

Fedora Core 5 Update: procinfo-18-18.2.2

Updated package.

LinuxSecurity.com Team
Apr 21, 2006

Fedora Core 5 Update: procps-3.2.6-3.3

Updated package.

LinuxSecurity.com Team
Apr 21, 2006

Fedora Core 5 Update: tzdata-2006d-1.fc5

Updated package.

LinuxSecurity.com Team
Apr 20, 2006

Fedora Core 4 Update: tzdata-2006d-1.fc4

Updated package.

LinuxSecurity.com Team
Apr 20, 2006

Fedora Core 4 Update: gnome-pilot-2.0.13-5.fc4.2

Updated package.

LinuxSecurity.com Team
Apr 20, 2006

Fedora Core 4 Update: qt-3.3.4-15.5

Updated package.

LinuxSecurity.com Team
Apr 20, 2006

Fedora Core 4 Update: kernel-2.6.16-1.2096_FC4

This update includes a number of security issues that have been fixed upstream over the last week or so.

LinuxSecurity.com Team
Apr 20, 2006

Fedora Core 5 Update: gnome-pilot-2.0.13-7.fc5.6

Updated package.

LinuxSecurity.com Team
Apr 20, 2006

Fedora Core 4 Update: kernel-2.6.16-1.2096_FC4 2006-423

This update includes a number of security issues that have been fixed upstream over the last week or so.

LinuxSecurity.com Team
Apr 20, 2006

Fedora Core 5 Update: firefox-1.5.0.2-1.2.fc5

Two broken language packs were inadvertently included in the previous Firefox update. This caused issues such as an error dialog appearing upon startup of the browser, or certain plugins and extensions not working. It is recommended that users of Firefox upgrade to correct those issues.