ETA on the official release of 0.10.9 is Wednesday, January 19 at 3:00 PM CST (21:00 UTC). Notification will be made via the ethereal-announce mailing list and the web site.

Details and CAN follow:

All different flaw types looking at the patches, therefore one cve name per issue:

> Ethereal 0.10.9 is scheduled to be released tomorrow (January 18). It
> will address the following issues:
>
> The COPS dissector could go into an infinite loop.
> Versions affected: 0.10.6 - 0.10.8
> Fixed in revision: 13075

CAN-2005-0006

> The DLSw dissector could cause an assertion, making Ethereal exit
> prematurely.
> Versions affected: 0.10.6 - 0.10.8
> Fixed in revision: 13012

CAN-2005-0007

> The DNP dissector could cause memory corruption.
> Versions affected: 0.10.5 - 0.10.8
> Fixed in revision: 13083

CAN-2005-0008

> The Gnutella dissector could cause an assertion, making Ethereal exit
> prematurely.
> Versions affected: 0.10.6 - 0.10.8
> Fixed in revision: 13032

CAN-2005-0009

> The MMSE dissector could free statically-allocated memory.
> Versions affected: 0.10.4 - 0.10.8
> Fixed in revision: 12801

CAN-2005-0010

> The X11 dissector is vulnerable to a string buffer overflow.
> Versions affected: 0.8.10 - 0.10.8
> Fixed in revision: 13057

CAN-2005-0084
Eldad please be ready to bump when the official announcement is made.
GLSA drafted. Security, please review.
Eldad pointed at dragonheart.
2100 isn't going to be a problem for me. I'm going to start work late. Not much going on so no need for any contingency that may or may not have been made.
Created attachment 48945
ethereal-0.10.9.ebuild

This works on the prerelease. Change SRC_URI and remove S= for final release.
Bad fonts running ethereal - remove ~/.gtkrc
Note that this is still not public so NOTHING can go into CVS and the ebuild is currently based on a prerelease.

Please test the attached ebuild and report back success/failure.

Calling individual testers:
sparc -> weeve@gentoo.org
alpha -> kloeri@gentoo.org
amd64 -> blubb@gentoo.org
Release postponed 24 hours = prerelease is not final. Uncalling arch testers.
This is now public. Netmon please commit a fixed ebuild and call alpha, sparc and amd64.
ethereal-0.10.9 is in the tree. Tested on x86 with USE="-*"
KEYWORDS="~x86 ~sparc ~ppc ~alpha ~amd64 ~ia64 ~ppc64"
Arches, please mark stable.
Does this affect net-wireless/kismet as well? It used the ethereal wiretap library...
stable on x86
stable on sparc, ppc, amd64.
Stable on alpha.
GLSA 200501-27 (phew!)

ia64, ppc64, please mark stable to benefit from GLSA.

Regarding Henrik's Comment #11 :: Bug #78892 has been opened with the Audit team to verify this.

Thanks archs for your quick responses ;)
stable on ppc64