Applications Management Engineer Sr (NYC) Next Step Systems US-NY-New York Post A Job | Post A Resume

[ Thanks to SOT Linux Security Team for this link. ]

---------------------------------------------------------------------
                   SOT Linux Security Advisory

Subject:           Updated ethereal package for SOT Linux 2002
Advisory ID:       SLSA-2003:4
Date:              Sunday, January 12, 2003
Product:           SOT Linux 2002
---------------------------------------------------------------------

1. Problem description

Multiple integer signedness errors in the BGP dissector
in Ethereal 0.9.7 and earlier allow remote attackers to cause
a denial of service (infinite loop) via malformed messages.

Users of ethereal are advised to install updated package.



2. Updated packages

SOT Linux 2002 Server:

i386:
ftp://ftp.sot.com/updates/2002/Server/i386/ethereal-base-0.9.8-2.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/ethereal-gnome-0.9.8-2.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/ethereal-gtk+-0.9.8-2.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/ethereal-kde-0.9.8-2.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/ethereal-usermode-0.9.8-2.i386.rpm

SRPMS:
ftp://ftp.sot.com/updates/2002/Server/SRPMS/ethereal-0.9.8-2.src.rpm


3. Upgrading package

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Download the updated package from the SOT Linux FTP site
(use the links above) or from one of our mirrors.
The list of mirrors can be obtained at www.sot.com/en/linux

Update the package with the following command:
rpm -Uvh <filename>


4. Verification

All packages are PGP signed by SOT for security.

You can verify each package with the following command:
rpm --checksig <filename>

If you wish to verify the integrity of the downloaded package, run
"md5sum <filename>" and compare the output with data given below.


Package Name                                    MD5 sum
---------------------------------------------------------------------
/Server/i386/ethereal-base-0.9.8-2.i386.rpm     eeaba702b896e8f9f932b68c3bf148b1
/Server/i386/ethereal-gnome-0.9.8-2.i386.rpm    15d98651ac54579db01fd54b5453fa1c
/Server/i386/ethereal-gtk+-0.9.8-2.i386.rpm     7a23b0cdda28ea9a9472d91b81831842
/Server/i386/ethereal-kde-0.9.8-2.i386.rpm      eb9d1ce85774de4659792cea3e57c8c5
/Server/i386/ethereal-usermode-0.9.8-2.i386.rpm 83bebccab0320478739c391226c94031
/Server/SRPMS/ethereal-0.9.8-2.src.rpm          b7cbe8fb7090adea263da25ebf0e0630


5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1356
http://www.ethereal.com/appnotes/enpa-sa-00007.html