| Summary: | net-analyzer/ethereal: New release fix security issues | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | mobile+disabled, netmon |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| URL: | http://www.ethereal.com/appnotes/enpa-sa-00016.html | | |
| Whiteboard: | A3 [glsa] jaervosz | | |
| Package list: | | Runtime testing required: | --- |

Description
Sune Kloppenborg Jeppesen (RETIRED)
eldad please be ready to bump when the update is released later today.

I'm available, ping me at IRC as soon as 0.10.8 gets out.

> Matthew Bing discovered a bug in DICOM dissection that could make
> Ethereal crash.
> Versions affected: 0.10.4 - 0.10.7
> Revision fixed: 12504

CAN-2004-1139

> An invalid RTP timestamp could make Ethereal hang and create a large
> temporary file, possibly filling available disk space.
> Versions affected: 0.9.16 - 0.10.7
> Revision fixed: 12656

CAN-2004-1140

> The HTTP dissector could access previously-freed memory, causing
> a crash.
> Versions affected: 0.10.1 - 0.10.7
> Revision fixed: 12640 & 12668

CAN-2004-1141

> Brian Caswell discovered that an improperly formatted SMB packet
> could make Ethereal hang, maximizing CPU utilization.
> Versions affected: 0.9.0 - 0.10.7
> Revision fixed: 12706

CAN-2004-1142

Opening this is public now.

*** Bug 74466 has been marked as a duplicate of this bug. ***

Really opening it

Waiting for upstream release...

released upstream. testing now.

x86 stable

Thx Eldad. Arches please mark stable.

Keep on sparc'in

stable on ppc

Alpha stable.

we need ppc64 as well.

mobile herd: kismet depends on various ethereal versions. Since we are going to purge every version beside 0.10.8, please update your ebuilds...

amd64 done

ppc: please mark net-wireless/kismet-2004.10.1-r1 as 'ppc'.
sparc: please mark net-wireless/kismet-2004.10.1-r1 as '~sparc'.

ppc done.

stable on ppc64

Masked on sparc because it is unknown if this application even works on SPARC and we do not have an effective way to test it.

Thx Brix for noting the Kismet problem. This one is ready for GLSA.

what about ia64?

ia64 is not a security-supported arch (see security policy at http://www.gentoo.org/security/en/vulnerability-policy.xml), so we cc them but they don't block GLSA release. GLSA goes out when all security-supported arches are ready.

GLSA 200412-15

stable on ia64