[17770] in bugtraq
[CLSA-2000:342] Conectiva Linux Security Announcement - ethereal
daemon@ATHENA.MIT.EDU (secure@CONECTIVA.COM.BR)
Thu Nov 23 20:03:53 2000
Message-ID: <200011231628.OAA32156@frajuto.distro.conectiva>
Date: Thu, 23 Nov 2000 14:28:05 -0200
Reply-To: secure@CONECTIVA.COM.BR
From: secure@CONECTIVA.COM.BR
X-To: lwn@lwn.net, security-alert@linuxsecurity.com,
linuxlist@securityportal.com
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE : ethereal
SUMMARY : Buffer overflow allows remote exploit
DATE : 2000-11-23 14:27:00
ID : CLSA-2000:342
RELEVANT
RELEASES : 5.0, 5.1
- ----------------------------------------------------------------------
DESCRIPTION
Ethereal has some buffer overflows in some protocol decoders (mainly
in AFS, but Netbios, ntp, icq, ppp and resolver also have possible
buffer overflow problems). An attacker could send crafted packets to
a network that is being monitored by ethereal to exploit these
overflows.
Version 0.8.14 fixes these problems.
SOLUTION
All ethereal users should upgrade immediately.
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/ethereal-0.8.14-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/ethereal-0.8.14-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/ethereal-0.8.14-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/ethereal-0.8.14-1cl.i386.rpm
- ----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato
- -----------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://www.conectiva.com.br/suporte/atualizacoes
- ----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@papaleguas.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6HUWU42jd0JmAcZARAr38AJ48xl1mwehKxsjmhuiLSZw7pnhNQACgg8cg
O1ex+hMg4N8/TPXEL7Tl4AE=
=ffzE
-----END PGP SIGNATURE-----
