Gerald Combs reported multiple issues in Ethereal to vendor-sec

> Ethereal 0.10.9 is scheduled to be released tomorrow (January 18). It
> will address the following issues:
>
> The COPS dissector could go into an infinite loop.
> Versions affected: 0.10.6 - 0.10.8
> Fixed in revision: 13075
CAN-2005-0006

> The DLSw dissector could cause an assertion, making Ethereal exit
> prematurely.
> Versions affected: 0.10.6 - 0.10.8
> Fixed in revision: 13012
CAN-2005-0007

> The DNP dissector could cause memory corruption.
> Versions affected: 0.10.5 - 0.10.8
> Fixed in revision: 13083
CAN-2005-0008

> The Gnutella dissector could cause an assertion, making Ethereal exit
> prematurely.
> Versions affected: 0.10.6 - 0.10.8
> Fixed in revision: 13032
CAN-2005-0009

> The MMSE dissector could free statically-allocated memory.
> Versions affected: 0.10.4 - 0.10.8
> Fixed in revision: 12801
CAN-2005-0010

> The X11 dissector is vulnerable to a string buffer overflow.
> Versions affected: 0.8.10 - 0.10.8
> Fixed in revision: 13057
CAN-2005-0084
Radek, I'm thinking we should just wait for the new ethereal version, then re-roll the RHEL errata packages.
This issue is also going to affect RHEL2.1
We should ship ethereal labeled as dangerous software and only for skilled users. Of course waiting for 0.10.9 makes sense ..
Ethereal updated to version 0.10.9
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-011.html