Subject: GLSA: ethereal (200311-04)
Newsgroups: gmane.linux.gentoo.announce
Date: 2003-11-24 17:41:48 GMT (5 years, 31 weeks, 6 days, 20 hours and 29 minutes ago)
--------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200311-04 --------------------------------------------------------------------------- GLSA: 200311-04 package: net-analyzer/ethereal summary: Security problems in Ethereal 0.9.15 severity: normal Gentoo bug: 32691 date: 2003-11-22 CVE: none exploit: remote affected: <0.9.16 fixed: >=0.9.16 DESCRIPTION: Quote from <http://www.ethereal.com/appnotes/enpa-sa-00011.html>: Potential security issues have been discovered in the following protocol dissectors: * An improperly formatted GTP MSISDN string could cause a buffer overflow. * A malformed ISAKMP or MEGACO packet could make Ethereal or Tethereal crash. * The SOCKS dissector was susceptible to a heap overlfow. Impact: It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. Resolution: Upgrade to 0.9.16. If you are running a version prior to 0.9.16 and you cannot upgrade, you can disable the GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors by selecting Edit->Protocols... and deselecting them from the list. SOLUTION: It is recommended that all Gentoo Linux users who are running net-analyzer/ethereal 0.9.x upgrade: emerge sync emerge '>=net-analyzer/ethereal-0.9.16' emerge clean -- Andrea Barisani <lcars <at> gentoo.org> .*. Gentoo Linux Infrastructure Developer V ( ) GPG-Key 0xC9EE0905 http://dev.gentoo.org/~lcars/pubkey.asc ( ) 491D E9E0 3875 0EC9 10DD 150B CAA9 2C7D C9EE 0905 ^^_^^