[Full-disclosure] MDKSA-2005:131 - Updated ethereal packages fix multiple vulnerabilities

From: Mandriva Security Team (security_at_mandriva.com)
Date: 08/05/05

    To: full-disclosure@lists.grok.org.uk
    Date: Thu, 04 Aug 2005 16:58:28 -0600
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

     _______________________________________________________________________

                    Mandriva Linux Security Update Advisory
     _______________________________________________________________________

     Package name: ethereal
     Advisory ID: MDKSA-2005:131
     Date: August 4th, 2005

     Affected versions: 10.1, 10.2
     ______________________________________________________________________

     Problem Description:

     A number of vulnerabilities were discovered in versions of Ethereal
     prior to version 0.10.12, including:
     
     The SMB dissector could overflow a buffer or exhaust memory
     (CAN-2005-2365).
     
     iDefense discovered that several dissectors are vulnerable to
     format string overflows (CAN-2005-2367).
     
     A number of other potential crash issues in various dissectors
     have also been corrected.
     
     This update provides Ethereal 0.10.12 which is not vulnerable to these
     issues.
     _______________________________________________________________________

     References:

      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2360
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2361
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2362
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2363
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2364
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2365
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2366
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2367
      http://www.ethereal.com/appnotes/enpa-sa-00020.html
     ______________________________________________________________________

     Updated Packages:
      
     Mandrakelinux 10.1:
     f6931a74612db92aa0d4615960214854 10.1/RPMS/ethereal-0.10.12-0.1.101mdk.i586.rpm
     f8e815399aa508bf8d1fe03e19e3e8ef 10.1/RPMS/ethereal-tools-0.10.12-0.1.101mdk.i586.rpm
     00383dd9ea00d5cde9b64d0d6f03efb0 10.1/RPMS/libethereal0-0.10.12-0.1.101mdk.i586.rpm
     9bcdac91996cbbb02368c220b86de184 10.1/RPMS/tethereal-0.10.12-0.1.101mdk.i586.rpm
     feacd9f7018da58e7ff3110c2c3a96f3 10.1/SRPMS/ethereal-0.10.12-0.1.101mdk.src.rpm

     Mandrakelinux 10.1/X86_64:
     f17ca7252e3face05e6228848385b203 x86_64/10.1/RPMS/ethereal-0.10.12-0.1.101mdk.x86_64.rpm
     9b13e9b5b6320ea4eb9a83322f1a098f x86_64/10.1/RPMS/ethereal-tools-0.10.12-0.1.101mdk.x86_64.rpm
     d1d7606243229d77ab94632493ab5c12 x86_64/10.1/RPMS/lib64ethereal0-0.10.12-0.1.101mdk.x86_64.rpm
     cf99953e73c3fb87fdca96fbb01e8897 x86_64/10.1/RPMS/tethereal-0.10.12-0.1.101mdk.x86_64.rpm
     feacd9f7018da58e7ff3110c2c3a96f3 x86_64/10.1/SRPMS/ethereal-0.10.12-0.1.101mdk.src.rpm

     Mandrakelinux 10.2:
     5397caa26eaaa2760d6cf2b7f88da399 10.2/RPMS/ethereal-0.10.12-0.1.102mdk.i586.rpm
     7c8b866673c056603666296737e1938f 10.2/RPMS/ethereal-tools-0.10.12-0.1.102mdk.i586.rpm
     6de8272b6bd220ef4acd91dd7f09620b 10.2/RPMS/libethereal0-0.10.12-0.1.102mdk.i586.rpm
     b2a94687155df4359cc7b480d4a49e64 10.2/RPMS/tethereal-0.10.12-0.1.102mdk.i586.rpm
     6af1afa58f0effe14bf02adbb3b3620a 10.2/SRPMS/ethereal-0.10.12-0.1.102mdk.src.rpm

     Mandrakelinux 10.2/X86_64:
     ffcfdc52a177e3cdc38457f9cda8ae6f x86_64/10.2/RPMS/ethereal-0.10.12-0.1.102mdk.x86_64.rpm
     1d4d5bc3bdb9412d5224bd54ba161ad3 x86_64/10.2/RPMS/ethereal-tools-0.10.12-0.1.102mdk.x86_64.rpm
     cf7a1d7610c4443d1d2d1f2859bda528 x86_64/10.2/RPMS/lib64ethereal0-0.10.12-0.1.102mdk.x86_64.rpm
     34d6fc3ecd5481dcdb8e1746c74d696f x86_64/10.2/RPMS/tethereal-0.10.12-0.1.102mdk.x86_64.rpm
     6af1afa58f0effe14bf02adbb3b3620a x86_64/10.2/SRPMS/ethereal-0.10.12-0.1.102mdk.src.rpm
     _______________________________________________________________________

     To upgrade automatically use MandrakeUpdate or urpmi. The verification
     of md5 checksums and GPG signatures is performed automatically for you.

     All packages are signed by Mandriva for security. You can obtain the
     GPG public key of the Mandriva Security Team by executing:

      gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

     You can view other update advisories for Mandriva Linux at:

      http://www.mandriva.com/security/advisories

     If you want to report vulnerabilities, please contact

      security_(at)_mandriva.com
     _______________________________________________________________________

     Type Bits/KeyID Date User ID
     pub 1024D/22458A98 2000-07-10 Mandriva Security Team
      <security*mandriva.com>

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFC8p2UmqjQ0CJFipgRAvmbAJ9YLRV08jpwKPL5WCkjT1sEXSFsagCfUqDm
    Rq9olMMt2meDVDrSCrfpvag=
    =I6yL
    -----END PGP SIGNATURE-----
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
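
Added example, not part of the Mandriva advisory: a manual Python equivalent of the checksum step the advisory says MandrakeUpdate and urpmi perform automatically, parsing "Updated Packages" lines and comparing each downloaded RPM against them. The function names, package names and digests in demo() are constructed for illustration; MD5 only detects a corrupted or mismatched download, so the GPG signature on each package remains the actual trust check.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Advisory manifest line: "<32 hex md5> <relative path>/<file>.rpm"
MANIFEST_LINE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(advisory_text):
    """Map package file name -> set of md5 sums the advisory lists for it."""
    manifest = {}
    for line in advisory_text.splitlines():
        m = MANIFEST_LINE.match(line)
        if m:
            digest, path = m.groups()
            # The same SRPM is listed under several arch headings; key on the file name.
            manifest.setdefault(Path(path).name, set()).add(digest)
    return manifest

def md5_of(path, chunk=1 << 20):
    """Stream the file so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(advisory_text, directory):
    """Return {file name: 'ok' | 'MISMATCH' | 'not listed'} for each .rpm in directory."""
    manifest = parse_manifest(advisory_text)
    results = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        expected = manifest.get(rpm.name)
        if expected is None:
            results[rpm.name] = "not listed"  # never install on the basis of this check
        else:
            results[rpm.name] = "ok" if md5_of(rpm) in expected else "MISMATCH"
    return results

def demo():
    """Constructed data: one matching file, one altered file, one file absent from the list."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "demo-1.0-1.i586.rpm").write_bytes(b"constructed package body")
        Path(d, "demo-tools-1.0-1.i586.rpm").write_bytes(b"altered in transit")
        Path(d, "unrelated-2.0-1.i586.rpm").write_bytes(b"x")
        advisory = (
            " Mandrakelinux 10.1:\n"
            f" {hashlib.md5(b'constructed package body').hexdigest()} 10.1/RPMS/demo-1.0-1.i586.rpm\n"
            f" {hashlib.md5(b'original body').hexdigest()} 10.1/RPMS/demo-tools-1.0-1.i586.rpm\n"
        )
        return check_downloads(advisory, d)
```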

