[PLDSA 39-1] New ethereal packages fix local arbitrary code execution

Krzysiek Taraszka dzimi at pld.org.pl
Sat May 3 15:43:38 CEST 2003


--------------------------------------------------------------------------
PLD Security Advisory PLDSA 39-1                        security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
10 March 2003				http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------

Package        : prior to ethereal-0.9.8-1
Vulnerability  : arbitrary code execution
Problem-Type   : local
PLD-specific   : no
Upstream URL   : www.ethereal.com/appnotes/enpa-sa-00008.html

It may be possible to make Ethereal crash or run arbitrary code by injecting 
a purposefully malformed packet onto the wire, or by convincing someone to 
read a malformed packet trace file.

The above problems have been fixed in version 0.9.10-1 for the
current stable distribution (ra).

We recommend that you upgrade your ethereal packages.

wget -c url
        will fetch the file for you
rpm -Uhv file(s)*.rpm
        will upgrade the referenced file.

If you are using the "poldek" package manager, use the lines given below
to upgrade the packages

poldek --update
        will update the internal database
poldek --upgrade 'ethereal*'
        will install corrected packages

If you are using the "apt" package manager, use the lines given below
to upgrade the packages

apt-get update
        will update the internal database
apt-get upgrade 'ethereal*'
        will install corrected packages

PLD Linux 1.0 alias ra
--------------------

  Source archives:

ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/ethereal-0.9.10-1.src.rpm
       MD5 checksum: 981cf88210f050a967d43521ceb5704d

ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/tethereal-0.9.10-1.src.rpm
       MD5 checksum: 54643884708bcda19dcc311c12c44dd5

  I386 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/ethereal-0.9.10-1.i386.rpm
       MD5 checksum: 4f2903f2826a281140af69dd8a87171c

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/ethereal-common-0.9.10-1.i386.rpm
       MD5 checksum: 0ecd5a9ec258b47a18f3c91ed543ef19

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/ethereal-tools-0.9.10-1.i386.rpm
       MD5 checksum: 089a7dcedeafc8881eb5628426223e32

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/tethereal-0.9.10-1.i386.rpm
       MD5 checksum: 7bf9643292635b6bbf575083f6ad678a


  I586 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/ethereal-0.9.10-1.i586.rpm
       MD5 checksum: ea9aaba4b67be1b55ec690945a300484

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/ethereal-common-0.9.10-1.i586.rpm
       MD5 checksum: bca269bf8d74310f6f012865629f165c

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/ethereal-tools-0.9.10-1.i586.rpm
       MD5 checksum: c7b174138440fba96cdffb87f9f26c8e

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/tethereal-0.9.10-1.i586.rpm
       MD5 checksum: 299b9a21570b11d02b2eb0f92d841196


  I686 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/ethereal-0.9.10-1.i686.rpm
       MD5 checksum: f2d1decbc8e510db60f6b9eae2c96c74

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/ethereal-common-0.9.10-1.i686.rpm
       MD5 checksum: 67829b30c17193b09d9f842e3f7ee3af

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/ethereal-tools-0.9.10-1.i686.rpm
       MD5 checksum: 524f1180453aafcf865519ce44136c12

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/tethereal-0.9.10-1.i686.rpm
       MD5 checksum: 2c80824d5c8349a08ae4306ce4d6bee0


  PowerPC Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/ethereal-0.9.10-1.ppc.rpm
       MD5 checksum: c68f8a9ce8071bfadee826d474c5f726

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/ethereal-common-0.9.10-1.ppc.rpm
       MD5 checksum: 7af991d805a5035eb46801c259dc276d

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/ethereal-tools-0.9.10-1.ppc.rpm
       MD5 checksum: 7d1099cd8b9c231e55a4c46f226ff2ab

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/tethereal-0.9.10-1.ppc.rpm
       MD5 checksum: e133202b6dc5e5e98ac7250d7a6048b6
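
The advisory lists an MD5 checksum for every package, but the upgrade steps above do not use it. The following is an added example, not part of the original advisory: it parses URL/checksum pairs in the layout used above and checks a downloaded file before it is handed to rpm. The function names and the saved advisory file name advisory.txt are assumptions.

```shell
#!/bin/sh
# Added example, not part of the PLD advisory.
# Assumes the advisory text was saved as advisory.txt (hypothetical name) and
# the packages were fetched with "wget -c" into the current directory.

# advisory_sums FILE
# Print "<md5>  <file name>" for every URL line followed by an MD5 line.
advisory_sums() {
    awk '
        /^[ \t]*ftp:\/\// { n = split($1, p, "/"); name = p[n]; next }
        /MD5 checksum:/ && name != "" {
            sum = tolower($NF)
            # Accept only a well-formed 32-hex-digit digest.
            if (sum ~ /^[0-9a-f]+$/ && length(sum) == 32)
                print sum "  " name
            name = ""
        }
    ' "$1"
}

# verify_pkg ADVISORY PKGFILE
# Return 0 only when PKGFILE is listed in ADVISORY and its MD5 matches.
# Return 2 if the file is not listed, 3 if it is missing, 1 on a mismatch.
verify_pkg() {
    want=$(advisory_sums "$1" |
           awk -v f="$(basename "$2")" '$2 == f { print $1; exit }')
    [ -n "$want" ] || { echo "not listed in advisory: $2" >&2; return 2; }
    [ -f "$2" ]    || { echo "missing file: $2" >&2; return 3; }
    have=$(md5sum "$2" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "MD5 mismatch: $2" >&2; return 1; }
}

# Usage (install only after the check succeeds):
#   verify_pkg advisory.txt ethereal-0.9.10-1.i386.rpm &&
#       rpm -Uhv ethereal-0.9.10-1.i386.rpm
```

The check is only as trustworthy as the copy of the advisory it reads, and MD5 is not collision-resistant, so treat it as an integrity check on the download rather than proof of origin.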


--------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.

For i386 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security


