*** This bug has been split off bug 142952 *** ------- Original comment by Mark J. Cox (Security Response Team) on 2004.12.15 05:13 ------- Gerald Combs said that Ethereal 0.10.8 is scheduled to be released tomorrow (December 15). It will address the following CAN-2004-1139 DICOM crash: Buffer overflows Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash. Versions affected: 0.10.4 - 0.10.7 Revision fixed: 12504 CAN-2004-1140 RTP timestamp: fills hard disk due to int overflow An invalid RTP timestamp could make Ethereal hang and create a large temporary file, possibly filling available disk space. Versions affected: 0.9.16 - 0.10.7 Revision fixed: 12656 CAN-2004-1141 HTTP dissector OOB read The HTTP dissector could access previously-freed memory, causing a crash. Versions affected: 0.10.1 - 0.10.7 Revision fixed: 12640 & 12668 CAN-2004-1142 SMB hang from infinite loop Brian Caswell discovered that an improperly formatted SMB packet could make Ethereal hang, maximizing CPU utilization.<br> Versions affected: 0.9.0 - 0.10.7 Revision fixed: 12706 Embargoed until 20041215 Also affects RHEL2.1
It's on the day-0 tracker bug, so need to get this sorted out. Either way, I'm throwing it into ASSIGNED, as I don't think "modified" is right.
Will propably come out later due to new security bug #145483
Update fixing this issues will come out with ethereal-0.10.9
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-037.html