[PLDSA 17-1] New ethereal packages fix multiple vulnerabilities
Krzysiek Taraszka
dzimi at pld.org.pl
Thu Jan 30 14:11:23 CET 2003
--------------------------------------------------------------------------
PLD Security Advisory PLDSA 17-1 security at pld.org.pl
http://www.pld.org.pl/security/ PLD Security Team
13 January 2003 http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------
Package : prior to ethereal-0.9.6-4
Vulnerability : multiple issues
Problem-Type : local
PLD-specific : no
Upstream URL : www.ethereal.com/appnotes/enpa-sa-00007.html
It may be possible to make Ethereal crash or hang by injecting a purposefully malformed
packet onto the wire, or by convincing someone to read a malformed packet trace file. It
may be possible to make Ethereal run arbitrary code by exploiting the buffer and pointer
problems.
The above problems have been fixed in version 0.9.8-1 for the
current stable distribution (ra).
We recommend that you upgrade your ethereal packages.
  wget -c url
will fetch the file for you.
  rpm -Uhv file(s)*.rpm
will upgrade the referenced file.
If you are using the "poldek" package manager, use the lines given below
to upgrade the packages:
  poldek --update
will update the internal database
  poldek --upgrade 'ethereal*'
will install the corrected packages.
If you are using the "apt" package manager, use the lines given below
to upgrade the packages:
  apt-get update
will update the internal database
  apt-get upgrade 'ethereal*'
will install the corrected packages.
PLD Linux 1.0 alias ra
--------------------
Source archives:
ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/ethereal-0.9.8-1.src.rpm
MD5 checksum: 9a3541166a56fc1febedac79987d8cdd
ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/tethereal-0.9.8-1.src.rpm
MD5 checksum: 6510047ad9bdba7f503c4428bb036811
I386 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/ethereal-0.9.8-1.i386.rpm
MD5 checksum: e8dafd122f4722d8917a15fb5de799b8
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/ethereal-common-0.9.8-1.i386.rpm
MD5 checksum: bb010466f441a2b8bb87f8af030f7304
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/ethereal-tools-0.9.8-1.i386.rpm
MD5 checksum: d64c3df6d62be1ab338ab6e2face28b7
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/tethereal-0.9.8-1.i386.rpm
MD5 checksum: ec79d450a1746a769d0f31922692b827
I586 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/ethereal-0.9.8-1.i586.rpm
MD5 checksum: 0b0279933452f9eab7670d242aa12089
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/ethereal-common-0.9.8-1.i586.rpm
MD5 checksum: dc43d49e2e4eb6b5ff72296829e37b75
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/ethereal-tools-0.9.8-1.i586.rpm
MD5 checksum: 83efd793674a6740a69a4a026ab194e9
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/tethereal-0.9.8-1.i586.rpm
MD5 checksum: 762df25f2539418825b660dda1b4dde6
I686 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/ethereal-0.9.8-1.i686.rpm
MD5 checksum: 01b6fc734b186fc76e100227c9ce35f1
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/ethereal-common-0.9.8-1.i686.rpm
MD5 checksum: 3e60f100c82bfb14807417aa617744ce
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/ethereal-tools-0.9.8-1.i686.rpm
MD5 checksum: 8d377ab897f9403526d5369d454bb26b
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/tethereal-0.9.8-1.i686.rpm
MD5 checksum: ff5cb198405e5f0100bc29cc50089004
PowerPC Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/ethereal-0.9.8-1.ppc.rpm
MD5 checksum: e714fbcd4b4eb01a48eec0bef0ea9de9
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/ethereal-common-0.9.8-1.ppc.rpm
MD5 checksum: e9aad146d4642cb8e331ef36bc4eac1e
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/ethereal-tools-0.9.8-1.ppc.rpm
MD5 checksum: 21db82d2f94890110e8eb7113f412756
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/tethereal-0.9.8-1.ppc.rpm
MD5 checksum: be16c8bd2994050555a590a53c45a3c9
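A check that can sit between the wget and rpm -Uhv steps, added here as an example and not part of the PLD advisory: it reads the "URL / MD5 checksum:" pairs in the layout used above and rejects any downloaded file that is unlisted or whose MD5 differs. The function names and the idea of saving the advisory text to a local file are assumptions.

```shell
#!/bin/sh
# Added example, not from the PLD advisory. Assumes the advisory text has
# been saved to a local file and that md5sum and awk are available.

# advisory_sums ADVISORY_FILE
# Prints "md5  filename" (md5sum format) for every URL line that is
# immediately followed by an "MD5 checksum:" line.
advisory_sums() {
    awk '
        /^(ftp|https?):\/\// { url = $1; next }
        /^MD5 checksum:/ && url != "" {
            sum = tolower($3)
            n = split(url, parts, "/")
            # Accept only a well-formed 32-digit hex MD5 value.
            if (sum ~ /^[0-9a-f]+$/ && length(sum) == 32)
                print sum "  " parts[n]
            url = ""
            next
        }
        { url = "" }   # any other line breaks the URL/checksum pairing
    ' "$1"
}

# verify_rpm ADVISORY_FILE RPM_FILE
# Returns 0 if the MD5 matches, 1 on mismatch, 2 if the file is not listed.
verify_rpm() {
    advisory=$1
    rpm_file=$2
    name=$(basename "$rpm_file")
    expected=$(advisory_sums "$advisory" |
        awk -v n="$name" '$2 == n { print $1; exit }')
    if [ -z "$expected" ]; then
        echo "$name: not listed in advisory" >&2
        return 2
    fi
    actual=$(md5sum "$rpm_file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "$name: MD5 mismatch (expected $expected, got $actual)" >&2
        return 1
    fi
    echo "$name: OK"
}

# Typical use, with the advisory saved as advisory.txt:
#   verify_rpm advisory.txt ethereal-0.9.8-1.i686.rpm && rpm -Uhv ethereal-0.9.8-1.i686.rpm
```

MD5 is not collision-resistant, so this catches corrupted or substituted downloads only when the advisory text itself came from a trusted source.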
--------------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.
For i386 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security