OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org      Name:   Ralf S. Engelschall
Root:   /e/openpkg/cvs       Email:  [EMAIL PROTECTED]
Module: openpkg-web          Date:   16-Apr-2004 17:52:23
Branch: HEAD                 Handle: 2004041616522300
Modified files:
openpkg-web/security OpenPKG-SA-2004.015-ethereal.txt
Log:
release OpenPKG Security Advisory 2004.015 (ethereal)
Summary:
Revision Changes Path
1.2 +23 -13 openpkg-web/security/OpenPKG-SA-2004.015-ethereal.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2004.015-ethereal.txt
============================================================================
$ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2004.015-ethereal.txt
--- openpkg-web/security/OpenPKG-SA-2004.015-ethereal.txt 16 Apr 2004 10:29:43
-0000 1.1
+++ openpkg-web/security/OpenPKG-SA-2004.015-ethereal.txt 16 Apr 2004 15:52:23
-0000 1.2
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
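Review bot: The clearsign header added at the top of the file declares "Hash: SHA1", so the advisory's integrity rests on a SHA-1 digest. If the signing key and tooling allow it, sign with a stronger digest, and keep the blank line after the "Hash:" header since the cleartext-signature format requires it before the signed body begins.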
@@ -18,22 +21,22 @@
Dependent Packages: none
Description:
- According to a security advisory [0] based on hints from Stefan
- Esser and Jonathan Heussser, several vulnerabilities of various
- types exist in the Ethereal network protocol analyzer [1]. Namely,
- it may be possible to make Ethereal crash or run arbitrary code by
- injecting a purposefully malformed packet onto the wire, by
- convincing someone to read a malformed packet trace file, or by
- creating a malformed color filter file.
+ According to a vendor security advisory [0] based on hints from Stefan
+ Esser and Jonathan Heussser, several vulnerabilities of various types
+ exist in the Ethereal network protocol analyzer [1]. Namely, it may be
+ possible to make Ethereal crash or run arbitrary code by injecting a
+ purposefully malformed packet onto the wire, by convincing someone to
+ read a malformed packet trace file, or by creating a malformed color
+ filter file.
The Common Vulnerabilities and Exposures (CVE) project assigned the
identifiers CAN-2004-0176 [2] and CAN-2004-0365 [3] to the problems
concerning protocol dissectors and RADIUS packets.
- The zero-length presentation protocol selector vulnerability named
- in the Ethereal advisory does not affect OpenPKG though, because such
- presentation protocol selectors are not implemented in any Ethereal
- versions released by OpenPKG.
+ The zero-length presentation protocol selector vulnerability named in
+ the Ethereal vendor advisory does not affect OpenPKG though, because
+ such presentation protocol selectors are not implemented in any
+ Ethereal versions released by OpenPKG.
Please check whether you are affected by running "<prefix>/bin/rpm
-q ethereal". If you have the "ethereal" package installed and its
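Review bot: The re-wrapped first paragraph of the Description still carries "Jonathan Heussser" with three consecutive "s" characters on the added line, exactly as in the removed one. Confirm the spelling against the vendor advisory [0] and correct it in this revision, because the text is now clearsigned and any later fix to the body means re-signing the whole advisory. Apart from the reflow, the only wording changes are the added "vendor" in the first and last paragraphs, which is worth stating in the commit log so readers diffing signed revisions know the technical content is unchanged.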
@@ -43,8 +46,8 @@
Solution:
Select the updated source RPM appropriate for your OpenPKG release
[6][7], fetch it from the OpenPKG FTP service [8][9] or a mirror
- location, verify its integrity [10], build a corresponding binary RPM
- from it [4] and update your OpenPKG installation by applying the
+ location, verify its integrity [10], build a corresponding binary
+ RPM from it [4] and update your OpenPKG installation by applying the
binary RPM [5]. For the most recent release OpenPKG 2.0, perform the
following operations to permanently fix the security problem (for
other releases adjust accordingly).
@@ -81,3 +84,10 @@
for details on how to verify the integrity of this advisory.
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQFAgAEggHWT4GPEy58RAi9aAKDnBOkyWmBg0h7oUnW+7xu2C6gQRgCgj7lc
+MG/GWc5NEXxBIA+9w+H21mg=
+=VIHq
+-----END PGP SIGNATURE-----
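Review bot: The "Comment: OpenPKG <[EMAIL PROTECTED]>" armor header in the added signature block is not covered by the signature, so it can be altered without invalidating it and should not be read as evidence of who signed. Readers should identify the signer from the key that verifies the signature, following the verification pointer in the context line above the block. Note also that the signature is committed in the same revision as the whitespace reflow of the Description and Solution paragraphs; any further reformatting of this file, even line re-wrapping, will break verification unless the advisory is re-signed.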
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]