Bug 894092 (CVE-2013-0722)
| Field | Value |
|---|---|
| Summary | CVE-2013-0722 ettercap: stack-based buffer overflow when parsing hosts list |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED CURRENTRELEASE |
| Severity | low |
| Priority | low |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Vincent Danen <vdanen> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | ago, costamagnagianfranco, gwync |
| Keywords | Security |
| Fixed In Version | ettercap 0.7.5.2 |
| Doc Type | Bug Fix |
| Last Closed | 2013-02-05 21:51:56 UTC |
| Bug Depends On | 894094, 894096 |
Description
Vincent Danen
2013-01-10 16:55:23 UTC
Created ettercap tracking bugs for this issue

Affects: fedora-all [bug 894094]
Affects: epel-all [bug 894096]

This was meant to be CVE-2013-0722, not a 2012 CVE.

This has been fixed upstream, you can cherry pick the patch or wait for the next tag. The new version will bring up many bug fixes including this one.

0.7.5.2 fixes this issue.

When is it going to be released?

(In reply to comment #5)
> When is it going to be released?

https://github.com/Ettercap/ettercap/archive/v0.7.5.2.tar.gz

Ah, I see. It's not on the website. :)

Please don't update to 0.7.5.2 unless you patch include/ec_version.h file! Is still in the old version, I think we will release 0.7.5.3 soon

Ok, my build failed for some reason anyway, please let me know as soon as 0.7.5.3 is out.

(In reply to comment #9)
> Ok, my build failed for some reason anyway, please let me know as soon as
> 0.7.5.3 is out.

It doesn't fail here (on Gentoo), what's your problem?

I was fine locally and in mock, but failed in koji in rawhide. Investigating. Might have been temporary rawhide brokenness.

I wasn't requiring groff for the build, I fixed it, it's fine now.

The problem for 0.7.5.2 is only cosmetic, ec_include.h defines the version as 0.7.5.1, so just the menu title is not updated, not really a bug :)) Which kind of error do you receive?

Nothing, when groff is present.

I don't know what groff means... :-) BTW ettercap 0.7.5.3 is out, just two minor fixes about versioning and a Fedora bug fixed upstream.

Excellent, thanks!

This has been fixed now via:

ettercap-0.7.5-3.fc16.1.20120906gitc796e5
ettercap-0.7.5-4.fc17.1.20120906gitc796e5
ettercap-0.7.5.1-1.fc18

and:

ettercap-0.7.3-21.el5
ettercap-0.7.5-3.el6.1.20120906gitc796e5