Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

  • With 81% of employees using their phones at work, companies have stopped asking: "Is corporate data leaking from personal devices?" and started asking:...
    Download

  • Corporate e-Learning technology has a long and diverse pedigree. As far back as the 1980s, companies were adopting computer-based training to supplement...
    Download

More on LinuxToday


SOT Linux 2002 Advisory: ethereal

Jan 13, 2003, 05:17 (0 Talkback[s])

[ Thanks to SOT Linux Security Team for this link. ]

---------------------------------------------------------------------
                   SOT Linux Security Advisory

Subject:           Updated ethereal package for SOT Linux 2002
Advisory ID:       SLSA-2003:4
Date:              Sunday, January 12, 2003
Product:           SOT Linux 2002
---------------------------------------------------------------------

1. Problem description

Multiple integer signedness errors in the BGP dissector
in Ethereal 0.9.7 and earlier allow remote attackers to cause
a denial of service (infinite loop) via malformed messages.

Users of ethereal are advised to install updated package.



2. Updated packages

SOT Linux 2002 Server:

i386:
ftp://ftp.sot.com/updates/2002/Server/i386/ethereal-base-0.9.8-2.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/ethereal-gnome-0.9.8-2.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/ethereal-gtk+-0.9.8-2.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/ethereal-kde-0.9.8-2.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/ethereal-usermode-0.9.8-2.i386.rpm

SRPMS:
ftp://ftp.sot.com/updates/2002/Server/SRPMS/ethereal-0.9.8-2.src.rpm


3. Upgrading package

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Download the updated package from the SOT Linux FTP site
(use the links above) or from one of our mirrors.
The list of mirrors can be obtained at www.sot.com/en/linux

Update the package with the following command:
rpm -Uvh <filename>


4. Verification

All packages are PGP signed by SOT for security.

You can verify each package with the following command:
rpm --checksig <filename>

If you wish to verify the integrity of the downloaded package, run
"md5sum <filename>" and compare the output with data given below.


Package Name                                    MD5 sum
---------------------------------------------------------------------
/Server/i386/ethereal-base-0.9.8-2.i386.rpm     eeaba702b896e8f9f932b68c3bf148b1
/Server/i386/ethereal-gnome-0.9.8-2.i386.rpm    15d98651ac54579db01fd54b5453fa1c
/Server/i386/ethereal-gtk+-0.9.8-2.i386.rpm     7a23b0cdda28ea9a9472d91b81831842
/Server/i386/ethereal-kde-0.9.8-2.i386.rpm      eb9d1ce85774de4659792cea3e57c8c5
/Server/i386/ethereal-usermode-0.9.8-2.i386.rpm 83bebccab0320478739c391226c94031
/Server/SRPMS/ethereal-0.9.8-2.src.rpm          b7cbe8fb7090adea263da25ebf0e0630


5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1356
http://www.ethereal.com/appnotes/enpa-sa-00007.html
Copyright(c) 2001, 2002 SOT