Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 51022

Summary: net-analyzer/ethereal 0.10.4 has security fixes
Product: Gentoo Security Reporter: tklauser
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: blocker CC: mjolnir, netmon
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://www.ethereal.com
Whiteboard: A1 [glsa]
Package list:
Runtime testing required: ---

Description tklauser 2004-05-14 01:58:24 UTC 
There is a new version of ethereal available on http://www.ethereal.com/download.html
Comment 1 Martin Jackson (RETIRED) gentoo-dev 2004-05-20 16:35:12 UTC 
Additionally, this version addresses security issues.  Reference ethereal application advisory:

http://www.ethereal.com/appnotes/enpa-sa-00014.html
Comment 2 Martin Jackson (RETIRED) gentoo-dev 2004-05-20 16:35:56 UTC 
Additionally, this version addresses security issues.  Reference ethereal application advisory:

http://www.ethereal.com/appnotes/enpa-sa-00014.html
Comment 3 Devon 2004-05-20 19:51:16 UTC 
I copied the ethereal-0.10.3.ebuild file to ethereal-0.10.4.ebuild and copied files/0.10.3-gcc34.patch to files/0.10.4-gcc34.patch and Ethereal compiled fine for me. I am using this on a headless machine, so I was only able to test tethereal and not use it under X. I can try X later when I use a different machine.

# /usr/bin/tethereal -v
tethereal 0.10.4
Compiled with GLib 1.2.10, with libpcap 0.8.3, with libz 1.1.4,
with libpcre 4.4, without UCD-SNMP or Net-SNMP, without ADNS.
Running with libpcap version 0.8.3 on Linux 2.4.25-grsec-1.9.14.
Comment 4 Devon 2004-05-21 07:42:10 UTC 
I compliled ethereal 0.10.4 on a box with X and the X GUI works for me too. Basic packet capture of HTTP, NTP, SMTP+TLS, IMAP-SSL, SSH, DNS, etc works for me.

ethereal 0.10.4
Compiled with GTK+ 2.4.0, with GLib 2.4.0, with libpcap 0.8.3, with libz 1.1.4,
with libpcre 4.4, without UCD-SNMP or Net-SNMP, without ADNS.
Running with libpcap version 0.8.3 on Linux 2.4.22-gentoo-r2.
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-05-31 03:08:05 UTC 
Security taking ownership as this is a serious security issue...
netmon : please make a quick bump to 0.10.4 !

target keywords are : "x86 ppc sparc alpha amd64 ia64"
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2004-05-31 03:09:26 UTC 
*** Bug 52490 has been marked as a duplicate of this bug. ***
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-05-31 03:46:22 UTC 
GLSA drafted. Security guys please review.
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2004-05-31 09:10:00 UTC 
0.10.14 is in portage.
Arches: please test and mark stable.
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2004-05-31 09:10:55 UTC 
typo : I mean net-analyzer/ethereal-0.10.4, not .14 :)
-K
Comment 10 Danny van Dyk (RETIRED) gentoo-dev 2004-05-31 13:34:59 UTC 
Stable on amd64.
Comment 11 Jason Wever (RETIRED) gentoo-dev 2004-05-31 16:10:42 UTC 
Stable on sparc.
Comment 12 Bryan Østergaard (RETIRED) gentoo-dev 2004-06-01 11:21:05 UTC 
Stable on alpha.
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2004-06-03 06:44:18 UTC 
ppc: please mark stable.
Comment 14 Joshua J. Berry (CondorDes) (RETIRED) gentoo-dev 2004-06-03 13:35:05 UTC 
GLSA draft looks good to me.
Comment 15 Luca Barbato gentoo-dev 2004-06-03 14:08:49 UTC 
Marked ppc
Comment 16 Thierry Carrez (RETIRED) gentoo-dev 2004-06-04 00:54:08 UTC 
Ready to send
Comment 17 Thierry Carrez (RETIRED) gentoo-dev 2004-06-04 12:32:28 UTC 
GLSA 200406-01