aru Posted December 20, 2004 Share Posted December 20, 2004 Mandrakesoft Security Advisories MDKSA-2004:152 : ethereal Updated ethereal packages fix multiple vulnerabilities December 20th, 2004 A number of vulnerabilities were discovered in Ethereal: - Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash (CAN-2004-1139) - An invalid RTP timestamp could make Ethereal hang and create a large temporary file, possibly filling available disk space (CAN-2004-1140) - The HTTP dissector could access previously-freed memory, causing a crash (CAN-2004-1141) - Brian Caswell discovered that an improperly formatted SMB packet could make Ethereal hang, maximizing CPU utilization (CAN-2004-1142) Ethereal 0.10.8 was released to correct these problems and is being provided. The released versions of Mandrake GNU/Linux affected are: 10.0 10.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesoft.com/security/advisories?name=MDKSA-2004:152 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1139 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1140 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1141 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1142 http://www.ethereal.com/appnotes/enpa-sa-00016.html Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.11 2004/10/23 09:47:46 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts