Version 0.99.0 of Ethereal is expected to be released in the next few days. It fixes another slew of security issues. The 0.99.x set of releases is intended to be a set of milestones that progress to v1.0. For the purposes of distribution it should be considered stable. The following issues were found using our internal testing processes: The H.248 dissector could crash. Fixed in r16967, r17015 Bug IDs: 651 Versions affected: 0.10.14. The UMA dissector could go into an infinite loop. Fixed in r17119, r17273 Bug IDs: 716 Versions affected: 0.10.12 - 0.10.14. The X.509if dissector could crash. Fixed in r16995, r17337 Bug IDs: None Versions affected: 0.10.14. The SRVLOC dissector could crash. Fixed in r17001 Bug IDs: None Versions affected: 0.10.0 - 0.10.14. The H.245 dissector could crash. Fixed in r17022 Bug IDs: 667 Versions affected: 0.10.13 - 0.10.14. Ethereal's OID printing routine was susceptible to an off-by-one error. Fixed in r17048 Bug IDs: 698 Versions affected: 0.10.14. The COPS dissector could overflow a buffer. Fixed in r17051 Bug IDs: None Versions affected: 0.9.15 - 0.10.14. The ALCAP dissector could overflow a buffer. Fixed in r17495 Bug IDs: 794 Versions affected: 0.10.14. The following issues were found by Coverity under a grant funded by the U.S. Department of Homeland Security: The statistics counter could crash Ethereal. Fixed in r17497 Bug IDs: None Coverity CID 32 Versions affected: 0.10.10 - 0.10.14. Ethereal could crash while reading a malformed Sniffer capture. Fixed in r17556 Bug IDs: None Coverity CID 33 Versions affected: 0.8.12 - 0.10.14. An invalid display filter could crash Ethereal. Fixed in r17555 Bug IDs: None Coverity CID 34 Versions affected: 0.9.16 - 0.10.14. The general packet dissector could crash Ethereal. Fixed in r17494 Bug IDs: None Coverity CID 35 Versions affected: 0.10.9 - 0.10.14. The AIM dissector could crash Ethereal. Fixed in r17512 Bug IDs: None Coverity CID 39 Versions affected: 0.10.7 - 0.10.14. The RPC dissector could crash Ethereal. Fixed in r17546 Bug IDs: None Coverity CID 40 Versions affected: 0.9.8 - 0.10.14. The DCERPC dissector could crash Ethereal. Fixed in r17657 Bug IDs: None Coverity CID 41 Versions affected: 0.9.16 - 0.10.14. The ASN.1 dissector could crash Ethereal. Fixed in r17548, r17710, r17736, r17770 Bug IDs: None Coverity CID 42, 43, 146 Versions affected: 0.9.8 - 0.10.14. The SMB PIPE dissector could crash Ethereal. Fixed in r17509, r17523, r17621, r17708 Bug IDs: None Coverity CID 44, 46, 47, 48 Versions affected: 0.8.20 - 0.10.14. The BER dissector could loop excessively. Fixed in r17498, r17625 Bug IDs: None Coverity CID 67, 68, 136 Versions affected: 0.10.4 - 0.10.14. The SNDCP dissector could abort. Fixed in r17518 Bug IDs: None Coverity CID 73 Versions affected: 0.10.4 - 0.10.14. The Network Instruments file code could overrun a buffer. Fixed in r17520 Bug IDs: None Coverity CID 82 Versions affected: 0.10.0 - 0.10.14. The NetXray/Windows Sniffer file code could overrun a buffer. Fixed in r17580 Bug IDs: None Coverity CID 83 Versions affected: 0.10.13 - 0.10.14. The GSM SMS dissector could crash Ethereal. Fixed in r17506 Bug IDs: None Coverity CID 104 Versions affected: 0.9.16 - 0.10.14. The ALCAP dissector could overrun a buffer. Fixed in r17724 Bug IDs: None Coverity CID 105 Versions affected: 0.10.14. The telnet dissector could overrun a buffer. Fixed in r17487 Bug IDs: None Coverity CID 106 Versions affected: 0.8.5 - 0.10.14. ASN.1-based dissectors could crash Ethereal. Fixed in r17489 Bug IDs: None Coverity CID 109 Versions affected: 0.9.10 - 0.10.14. The H.248 dissector could crash Ethereal. Fixed in r17571 Bug IDs: None Coverity CID 113,114 Versions affected: 0.10.11 - 0.10.14. The DCERPC NT dissector could crash Ethereal. Fixed in r17511 Bug IDs: None Coverity CID 128 Versions affected: 0.9.14 - 0.10.14. The PER dissector could crash Ethereal. Fixed in r17511 Bug IDs: None Coverity CID 135 Versions affected: 0.9.14 - 0.10.14. Notes "Could crash" in the descriptions above is a euphemism for "could dereference a null pointer". The Coverity audit turned up several UI-related bugs that could make Ethereal crash (mostly null pointer exceptions).
Marcelo please be ready to bump.
*** Bug 131197 has been marked as a duplicate of this bug. ***
Opening since this is public now.
Correct URL.
ethereal fun. enjoy boys and girls.
ppc stable
I'm not going to mark it as a blocker. just FYI the experimental feature --as-needed has a bug with ethereal-0.99.0 (bug 131252)
Stable on SPAWK
on x86: [ebuild N ] net-analyzer/ethereal-0.99.0 -adns +gtk -ipv6 -kerberos -snmp +ssl -threads Compiles fine and seems to work good too. I've tested some basic functionality since I'm working for school on a SIP assignment. So I had a good chance to test it. emerge info _____________________________________________ Portage 2.0.54 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.3.5-r3, 2.6.16.9 i686) ================================================================= System uname: 2.6.16.9 i686 AMD Athlon(tm) 64 Processor 3200+ Gentoo Base System version 1.6.14 dev-lang/python: 2.4.2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=k8 -O2 -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/share/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d" CXXFLAGS="-march=k8 -O2 -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig collision-protect distlocks sandbox sfperms strict" GENTOO_MIRRORS="ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo/" LANG="en_US.UTF-8" LC_ALL="en_US.UTF-8" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.nl.gentoo.org/gentoo-portage" USE="x86 3dnow 3dnowext X aac acpi alsa apache2 avi bitmap-fonts bzip2 cairo cdb cdparanoia cli crypt ctype cups dri dvd dvdread eds encode esd exif expat fam ffmpeg firefox foomaticdb ftp gd gdbm gif gstreamer gtk gtk2 iconv icu idn isdnlog jpeg jpeg2k kde kdeenablefinal libwww lm_sensors mad mmx mmxext mozsvg mp3 mpeg mplayer msn mysql ncurses network nls nomotif nptl nptlonly nsplugin ogg opengl pcre pdflib php png posix ppds pppd qt quicktime rdesktop readline reflection rtc session sharedmem sockets spl sse sse2 ssl svg tcpd tetex tiff truetype truetype-fonts type1-fonts udev unicode userlocales vorbis win32codecs xml xml2 xorg xpm xv zlib video_cards_radeon input_devices_keyboard input_devices_mouse userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, INSTALL_MASK, LDFLAGS, LINGUAS, MAKEOPTS, PORTDIR_OVERLAY
alpha stable.
Stable on x86
stable on ppc64
amd64 stable
GLSA 200604-17 ia64 don't forget to mark stable to benifit from the GLSA.
ia64 ping. Feel free to remove 0.10* after keywording 0.99.0