05.10.18 CVE: CAN-2005-0699 Platform: Cross Platform Title: Ethereal RADIUS Authentication Dissection Buffer Overflow Description: Ethereal is a popular network protocol analyzer. Ethereal is affected by a remote buffer overflow vulnerability. Ethereal versions 0.10.8 and earlier are known to be vulnerable. Ref: http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-03-04 Ethereal RADIUS Authentication Decoding Overflow Affected: Ethereal version 0.10.9 and prior Description: Ethereal is a popular open source network sniffer and protocol analyzer for UNIX and Windows platforms. The software contains a stack-based buffer overflow in parsing the RADIUS authentication packet used in CDMA2000 protocol. The buffer overflow can be exploited to execute arbitrary code with the privileges of the ethereal process (typically "root" when ethereal is being used as a sniffer). To exploit the flaw, an attacker has to either inject the malicious packets into the network traffic being sniffed by ethereal, or entice a client to open a specially crafted packet capture file. A proof-of-concept exploit has been posted. Note that any network applications based on ethereal protocol decoder modules may also be affected. Status: Vendor confirmed, fix available via CVS. Version 0.10.10 will be released in a day according to the vendor. Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. However, two sites said they would patch known installations and a third site notified their affected user base. References: Posting by LSS Security (Contains PoC exploit) http://www.securityfocus.com/archive/1/392659/2005-03-05/2005-03-11/0 Posting by Gerald Combs from ethereal http://archives.neohapsis.com/archives/bugtraq/2005-03/0176.html CDMA2000 Protocol http://www.protocols.com/pbook/cdma2000.htm Vendor Homepage http://www.ethereal.com SecurityFocus BID http://www.securityfocus.com/bid/12759 ------- Additional Comments From marcdeslauriers 2005-03-14 16:13:31 ---- The Etheric dissector was susceptible to a buffer overflow. CAN-2005-0704 The GPRS-LLC dissector could crash if the "ignore cipher bit" option CAN-2005-0705 The 3GPP2 A11 dissector was susceptible to a buffer overflow. CAN-2005-0699 ------- Additional Comments From marcdeslauriers 2005-03-15 12:54:20 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are updated ethereal packages to QA: Changelog: * Mon Mar 14 2005 Marc Deslauriers <marcdeslauriers> 0.10.10-0.73.1.legacy - - Updated to 0.10.10 to fix multiple security issues (FL#2453) e0504803d83a41cf20d08d456fbc5bef3e2fdf5f 7.3/ethereal-0.10.10-0.73.1.legacy.i386.rpm 9b8f28cd118192ec1ae300a22b7ae67aa811487b 7.3/ethereal-0.10.10-0.73.1.legacy.src.rpm bd2c4e63ceaa0139e753ac478c6a5a248f45a3ff 7.3/ethereal-gnome-0.10.10-0.73.1.legacy.i386.rpm e71bef39530bf73cab457f75d3588d9a17f5666d 9/ethereal-0.10.10-0.90.1.legacy.i386.rpm 06030abcd2e807ab6a703b1956a74c4ea6a60825 9/ethereal-0.10.10-0.90.1.legacy.src.rpm c11b11f3a917f2203f2a9ebb468225da62b88e05 9/ethereal-gnome-0.10.10-0.90.1.legacy.i386.rpm 9cc190896b68f055029048480501934b61f17f91 1/ethereal-0.10.10-1.FC1.1.legacy.i386.rpm a64524f3232fc54280d2c3cd0ee6d0c523bb6ddb 1/ethereal-0.10.10-1.FC1.1.legacy.src.rpm aff2eb0bf976380912977acbf746ff988d6cd501 1/ethereal-gnome-0.10.10-1.FC1.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/ethereal-0.10.10-0.73.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/ethereal-0.10.10-0.73.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/ethereal-gnome-0.10.10-0.73.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/ethereal-0.10.10-0.90.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/ethereal-0.10.10-0.90.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/9/ethereal-gnome-0.10.10-0.90.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/ethereal-0.10.10-1.FC1.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/ethereal-0.10.10-1.FC1.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/1/ethereal-gnome-0.10.10-1.FC1.1.legacy.i386.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFCN2d2LMAs/0C4zNoRArKnAKCdN7qzWh+ujGL91SxFW+/fhGVKKgCdEvF7 Hkfi1JaIAbmBj88cWOaQ7DY= =BCyC -----END PGP SIGNATURE----- ------- Additional Comments From jpdalbec 2005-03-18 05:09:47 ---- (8) Ethereal RADIUS Authentication Decoding Overflow Description: Ethereal version 0.10.0 fixes multiple buffer overflows and denial-of-service vulnerabilities in various protocol decoders. Exploit code to leverage the flaw in RADIUS authentication has been publicly posted. Council Site Actions: No change in response due to exploit release. The two sites who are using this program have already updated their affected systems. References: Exploit Code by Diego Giago http://www.securityfocus.com/archive/1/393190/2005-03-12/2005-03-18/0 Other Overflows in Ethereal Fixed with version 0.10.0 http://www.securityfocus.com/archive/1/393026/2005-03-12/2005-03-18/0 http://www.securityfocus.com/bid/12762/discussion/ Previous @RISK Newsletter Posting http://www.sans.org/newsletters/risk/display.php?v=4&i=10#other2 ------- Additional Comments From pekkas 2005-03-18 06:11:43 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA for w/ rpm-build-compare.sh: - source integrity verified from upstream - spec file changes minimal +PUBLISH RHL73,RHL9,FC1 9b8f28cd118192ec1ae300a22b7ae67aa811487b ethereal-0.10.10-0.73.1.legacy.src.rpm 06030abcd2e807ab6a703b1956a74c4ea6a60825 ethereal-0.10.10-0.90.1.legacy.src.rpm a64524f3232fc54280d2c3cd0ee6d0c523bb6ddb ethereal-0.10.10-1.FC1.1.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCOvzqGHbTkzxSL7QRAjBXAKC0aoym/IZ0RbqCy1f4pPB8reL5ZgCfWjPz PzbvWTIsoOEGpgjUvqv7TNQ= =ay4F -----END PGP SIGNATURE----- ------- Additional Comments From jpdalbec 2005-03-18 10:39:44 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ++PUBLISH RHL 7.3, RHL 9 sha1sums: 9b8f28cd118192ec1ae300a22b7ae67aa811487b ethereal-0.10.10-0.73.1.legacy.src.rpm 06030abcd2e807ab6a703b1956a74c4ea6a60825 ethereal-0.10.10-0.90.1.legacy.src.rpm signature check: ethereal-0.10.10-0.73.1.legacy.src.rpm: Header V3 DSA signature: OK, key ID 40b8ccda Header SHA1 digest: OK (6b737febc4c5dd2a702a2b32e66c13e7fa1007b2) MD5 digest: OK (4106f4d8da735d84291a5572b0f98c14) V3 DSA signature: OK, key ID 40b8ccda ethereal-0.10.10-0.90.1.legacy.src.rpm: Header V3 DSA signature: OK, key ID 40b8ccda Header SHA1 digest: OK (77c06bc9196ba12e35b5c18cab848ffac2d01ed3) MD5 digest: OK (c1f769b13b34f6b9badd8f8582bca424) V3 DSA signature: OK, key ID 40b8ccda gpg --list-keys: pub 1024D/40B8CCDA 2004-04-28 Marc Deslauriers <marcdeslauriers> sub 1024g/2036F883 2004-04-28 Packages build OK in Mach. Exploit code does not crash ethereal or tethereal. No obvious problems noted. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCOzuiJL4A+ldA7asRAgF3AJ9mGRKp5Y6QqN3E4yG3d+UAF0KkwACePS8E H0HCAEuWsQZwgIZLvbFerDs= =CZi3 -----END PGP SIGNATURE----- ------- Bug moved to this database by dkl 2005-03-30 18:32 ------- This bug previously known as bug 2453 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=2453 Originally filed under the Fedora Legacy product and Package request component. Bug blocks bug(s) 2407. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.
Packages were pushed to updates-testing.
05.17.32 CVE: Not Available Platform: Cross Platform Title: Ethereal RSVP Decoding Routines Denial Of Service Description: Ethereal is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way Ethereal decodes Resource ReSerVation Protocol (RSVP) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed RSVP packets resulting in the software hanging. An attacker may exploit this issue to deny Ethereal service for legitimate users. Ethereal versions up to and including 0.10.10 are prone to this issue. Ref: http://www.securityfocus.com/bid/13391
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ++VERIFY for RHL9 Packages: ethereal-0.10.10-0.90.1.legacy.i386.rpm ethereal-gnome-0.10.10-0.90.1.legacy.i386.rpm Signatures: ethereal-0.10.10-0.90.1.legacy.i386.rpm: Header V3 DSA signature: NOKEY, key ID 731002fa Header SHA1 digest: OK (a4e2d6e5cf2e7625a5c554fc437876511a10d971) MD5 digest: OK (e7e04bc2b7577c49fea4ce309aaedc2d) V3 DSA signature: NOKEY, key ID 731002fa ethereal-gnome-0.10.10-0.90.1.legacy.i386.rpm: Header V3 DSA signature: NOKEY, key ID 731002fa Header SHA1 digest: OK (781a3c901198f558491e9bf4ddb669458f000d98) MD5 digest: OK (f44a4844439bbbc3c74f96063a6a765a) V3 DSA signature: NOKEY, key ID 731002fa Installed on RHL 9 without problem/error. Ran, collected some packets, no obvious problems noted. Vote for release. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCdkS94jZRbknHoPIRAs2pAJsGykULDBjCcoiEK++WHLjGG8awPgCfbXuU k1ec7DF1XV3VjmdsF5jo2hk= =ezLQ -----END PGP SIGNATURE-----
The ethereal developers seem to be preparing a new Ethereal version release for tomorrow, fixing a couple of dozen security problems: http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/NEWS?rev=14270&view=auto Maybe we should wait until that's released and re-spin so we don't need to do it immediately afterwards?
Because by the time everything is ready, has been QA'd, has been built and people start doing VERIFY's on it, a new ethereal release will come out again...
Well, we have just one verify now, and the new version is already out and merged in FC. Getting it built might take just a couple of days, because I could pretty trivially give the new packages a PUBLISH. If there was just one or two trivial fixes, it might not be worth it, but the new release fixes about 20-30 security bugs.
05.19.31 CVE: Search Results Platform: Cross Platform Title: Ethereal DISTCC Dissection Stack Buffer Overflow Description: A remote buffer overflow vulnerability reportedly affects Ethereal. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the DISTCC protocol dissector. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation. This vulnerability affects Ethereal versions 0.8.13 through to 0.10.10. Ref: http://www.securityfocus.com/advisories/8551
05.19.40 CVE: CAN-2005-1456, CAN-2005-1457, CAN-2005-1458, CAN-2005-1459, CAN-2005-1460, CAN-2005-1461, CAN-2005-1462, CAN-2005-1463, CAN-2005-1464, CAN-2005-1465, CAN-2005-1466, CAN-2005-1467, CAN-2005-1468, CAN-2005-1469, CAN-2005-1470 Platform: Cross Platform Title: Ethereal Multiple Remote Protocol Dissector Vulnerabilities Description: Ethereal is a multi-platform network protocol sniffer and analyzer. It is reported to be vulnerable to buffer overflow, format string, null pointer dereference, denial of service and double-free vulnerabilities. Ethereal versions 0.10.10 and earlier are reported to be vulnerable. Ref: http://www.securityfocus.com/bid/13504
*** Bug 152890 has been marked as a duplicate of this bug. ***
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ++VERIFY for RHL 7.3 Packages: ethereal-0.10.10-0.73.1.legacy.i386.rpm ethereal-gnome-0.10.10-0.73.1.legacy.i386.rpm Signatures and checksums all okay. Installed on two RHL 7.3 machines without problems/errors. Ran, collected some packets, looked at a few packet details, noticed no obvious problems or issues. Vote for release. ++VERIFY -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCoLD54jZRbknHoPIRAkl4AJ48WNqQyEVE2/MjtXMVfxTcH0hBHACfcTqo /542AQIPkqqfTA8PNyUw5z8= =9sPn -----END PGP SIGNATURE-----
Looks like there are a whole bunch more vulnerabilities for ethereal, according to Bugtraq BID 14399 <http://www.securityfocus.com/bid/14399>: CAN-2005-2360, CAN-2005-2361, CAN-2005-2362, CAN-2005-2363, CAN-2005-2364, CAN-2005-2365, CAN-2005-2366, CAN-2005-2367 in addition to all those above. Wonder if we should just respin new packages for these + all those mentioned in comment #8 by John Dalbec? We can refer to RHSA-2005:687-03 of 10-Aug-2005: <http://rhn.redhat.com/errata/RHSA-2005-687.html> or <http://tinyurl.com/96u67> (Enterprise Watch List) & Bugzilla Bug #164243 It looks like Red Hat upgraded to ethereal-0-10-12 packages for all their Enterprise Linux distros. Might we be able to do the same, even for RH7.3?
Yeah, IMHO we should just update the latest ethereal (like we have done in the past). I believe the issue just has been that no one has found the time/energy to provide the new packages for all 4 versions..
*** Bug 167294 has been marked as a duplicate of this bug. ***
More vulns in #167294, but let's track this in one place..
Ethereal 0.10.13 has been released, which fixes the following issues (in addition to all above issues mentioned): * The ISAKMP dissector could exhaust system memory. (CAN-2005-3241) * The FC-FCS dissector could exhaust system memory. (CAN-2005-3241) * The RSVP dissector could exhaust system memory. (CAN-2005-3241) * The ISIS LSP dissector could exhaust system memory. (CAN-2005-3241) * The IrDA dissector could crash. (CAN-2005-3242) * The SLIMP3 dissector could overflow a buffer. (CAN-2005-3243) * The BER dissector was susceptible to an infinite loop. (CAN-2005-3244) * The SCSI dissector could dereference a null pointer and crash. (CAN-2005-3246) * If the "Dissect unknown RPC program numbers" option was enabled, the ONC RPC dissector might be able to exhaust system memory. This option is disabled by default. (CAN-2005-3245) * The sFlow dissector could dereference a null pointer and crash (CAN-2005-3246) * The RTnet dissector could dereference a null pointer and crash (CAN-2005-3246) * The SigComp UDVM could go into an infinite loop or crash. (CAN-2005-3247) * If SMB transaction payload reassembly is enabled the SMB dissector could crash. This preference is disabled by default. (CAN-2005-3242) * The X11 dissector could attempt to divide by zero. (CAN-2005-3248) * The AgentX dissector could overflow a buffer. (CAN-2005-3243) * The WSP dissector could free an invalid pointer. (CAN-2005-3249) * iDEFENSE found a buffer overflow in the SRVLOC dissector. (CAN-2005-3184) We can refer to RHSA-2005:809-6 of 25-Oct-2005: <http://rhn.redhat.com/errata/RHSA-2005-809.html> <http://tinyurl.com/97p2m> (Enterprise Watch List) & Bugzilla Bug #171062.
I am going ahead and creating new .src.rpm's for RH7.3, RH9, FC1 and FC2. Hope to have them submitted within a day or so.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here is a source package for ethereal version 0.10.13 for FC1, plus the corresponding binary packages, for source-level (publish) QA: SHA1SUM Package ========================================__======================================= 382a9351d5941ab7a1c49753d136cc405d99c067>>ethereal-0.10.13-1.FC1.2.legacy.src.rpm 1e927a2aa452d427b8a39ac18eb94d615721620a>>ethereal-0.10.13-1.FC1.2.legacy.i386.rpm 7e3c55fd4f728cd25c6dd8f48a0248446da2b141>>ethereal-gnome-0.10.13-1.FC1.2.legacy.i386.rpm All at: http://fedoralegacy.org/contrib/ethereal/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFDdukrxou1V/j9XZwRAii7AKC9fAfTypr83T+RIx4n7TS1NJ+jKQCg0NGN DDmQqc40sdgp7Dq9uJD6bvw= =gCbB -----END PGP SIGNATURE-----
Oh, the changelog for the FC1 source .rpm in comment 17: * Tue Nov 8 2005 David Eisenstein <deisenst> 0.10.13-1.FC1.2.legacy - Add missing /usr/sbin/randpkt to files section so it will build. * Mon Nov 7 2005 David Eisenstein <deisenst> 0.10.13-1.FC1.1.legacy - Updated to 0.10.13 to fix multiple security issues (Bug #152922) - Removed the no-longer-needed ethereal-0.10.8-htmlview.patch - Added ethereal-0.10.6-old.patch from RHEL3 0.10.13 .src.rpm after remov- ing a hunk from it that already had been applied upstream to packet-smb.c * Mon Mar 14 2005 Marc Deslauriers <marcdeslauriers> 0.10.10-1.FC1.1.legacy - Updated to 0.10.10 to fix multiple security issues (FL#2453)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I did QA on the fc1 ethereal package: 382a9351d5941ab7a1c49753d136cc405d99c067 ethereal-0.10.13-1.FC1.2.legacy.src.rpm - - Tarball matches upstream - - Spec file changes are good - - Patch from RHEL is good +PUBLISH Marc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDd+l2LMAs/0C4zNoRAvbLAJ0agpVuG74ly5jXFcbEm0owMCJ/EQCfbFxo EdKAfO08PgwdmEe4Nck4t4E= =PeSa -----END PGP SIGNATURE-----
Packages still needed for other distros.
a gentle reminder.. ;-)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Eisenstein's RHL 7.3, RHL 9, and FC 2 .src.rpm packages are available at http://www.fedoralegacy.org/contrib/ethereal/ although he hasn't posted a notice of their availability yet. There's also a newer FC1 package. ++PUBLISH FC2 sha1sum: e8207888a1eb25262071934faf4ecd301816dd64 ethereal-0.10.13-1.FC2.2.legacy.src.rpm Good signature: ethereal-0.10.13-1.FC2.2.legacy.src.rpm: Header V3 DSA signature: OK, key ID f8fd5d9c Header SHA1 digest: OK (5714fb66f297c8dc3edd3cc0510719d281278c08) MD5 digest: OK (ce45626b7401e21353de7741fe0cb8b1) V3 DSA signature: OK, key ID f8fd5d9c .tar.bz2 file matches download from SourceForge. Changes look reasonable. Package builds OK in mach. tethereal captures SSH packets OK. ethereal(-gnome) captures SSH packets OK once I got it to run from the mach chroot. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.7 (GNU/Linux) iD8DBQFDjHupJL4A+ldA7asRAig/AJsHVUfC7VoCVBCqAzPqCdo2xvOT0ACeOjkX P0HGx5MFPZ0C2QlYt5HEHec= =z+90 -----END PGP SIGNATURE-----
Oh, David has created pkgs but forgot to tell us :)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA w/ rpm-build-compare.sh: - source integrity verified from upstream - spec file changes good - the one patch veririfed from RHEL; htmlview seems to have been fixed in a slightly different way in upstream, let's hope it works. +PUBLISH RHL73, RHL9, FC1 bf89a9d7d95b7a6f18af92e0df884c57a367e709 ethereal-0.10.13-0.73.1.legacy.src.rpm 76c2ae846206f4adc69103f3c3cdd99261b7da71 ethereal-0.10.13-0.90.1.legacy.src.rpm dc4c2b18dd8e0e00d5a29ef5a91101270df98a81 ethereal-0.10.13-1.FC1.3.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFDjI+lGHbTkzxSL7QRAl8tAKCOytbD5qqtqZmzt0gOLRsxjGMrjACfVX0T 1GEMUXSEYHhHfjQvehGsQw8= =+abD -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thank you all for having done source QA on the Ethereal packages. For the sake of completeness, here is what you tested: SHA1SUM Source Package ________________________________________ ______________________________________ bf89a9d7d95b7a6f18af92e0df884c57a367e709__ethereal-0.10.13-0.73.1.legacy.src.rpm 76c2ae846206f4adc69103f3c3cdd99261b7da71__ethereal-0.10.13-0.90.1.legacy.src.rpm dc4c2b18dd8e0e00d5a29ef5a91101270df98a81__ethereal-0.10.13-1.FC1.3.legacy.src.rpm e8207888a1eb25262071934faf4ecd301816dd64__ethereal-0.10.13-1.FC2.2.legacy.src.rpm Available at: http://fedoralegacy.org/contrib/ethereal/ethereal-0.10.13-0.73.1.legacy.src.rpm http://fedoralegacy.org/contrib/ethereal/ethereal-0.10.13-0.90.1.legacy.src.rpm http://fedoralegacy.org/contrib/ethereal/ethereal-0.10.13-1.FC1.3.legacy.src.rpm http://fedoralegacy.org/contrib/ethereal/ethereal-0.10.13-1.FC2.2.legacy.src.rpm Changelogs (changes since last release): RH7.3: * Tue Nov 22 2005 David Eisenstein <deisenst> 0.10.13-0.73.1.legacy - - Updated to 0.10.13 to fix multiple security issues (Bug #152922) - - Add lines to specfile to package /usr/sbin/{randpkt,capinfos} and {_mandir}/man1/capinfos.* * Mon Mar 14 2005 Marc Deslauriers <marcdeslauriers> 0.10.10-0.73.1.legacy - - Updated to 0.10.10 to fix multiple security issues (FL#2453) * Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers> 0.10.9-0.73.2.legacy - - Added the evil plugins hack to get plugins built * Mon Feb 7 2005 Marc Deslauriers <marcdeslauriers> 0.10.9-0.73.1.legacy - - Updated to 0.10.9 to fix multiple security issues (FL#2407) - - Modified configure parameters - - Added gcc patch RH9: * Mon Nov 28 2005 David Eisenstein <deisenst> 0.10.13-0.90.1.legacy - - Updated to 0.10.13 to fix multiple security issues (Bug #152922) - - Added ethereal-0.10.6-old.patch from RHEL3 0.10.13 .src.rpm. - - Package /usr/sbin/randpkt - - Add ldconfig commands to post-install and post-uninstall, like RHEL3. * Mon Mar 14 2005 Marc Deslauriers <marcdeslauriers> 0.10.10-0.90.1.legacy - - Updated to 0.10.10 to fix multiple security issues (FL#2453) * Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers> 0.10.9-0.90.2.legacy - - Added the evil plugins hack to get plugins built * Tue Feb 8 2005 Marc Deslauriers <marcdeslauriers> 0.10.9-0.90.1.legacy - - Updated to 0.10.9 to fix multiple security issues (FL#2407) - - Modified configure parameters FC1: * Sun Nov 27 2005 David Eisenstein <deisenst> 0.10.13-1.FC1.3.legacy - - Oops. The hunk I removed from the ethereal-0.10.6-old.patch had *NOT* been applied upstream. Reinstate it. Sorry 'bout that. * Tue Nov 8 2005 David Eisenstein <deisenst> 0.10.13-1.FC1.2.legacy - - Add missing /usr/sbin/randpkt to files section so it will build. * Mon Nov 7 2005 David Eisenstein <deisenst> 0.10.13-1.FC1.1.legacy - - Updated to 0.10.13 to fix multiple security issues (Bug #152922) - - Removed the no-longer-needed ethereal-0.10.8-htmlview.patch - - Added ethereal-0.10.6-old.patch from RHEL3 0.10.13 .src.rpm after remov- ing a hunk from it that already had been applied upstream to packet-smb.c * Mon Mar 14 2005 Marc Deslauriers <marcdeslauriers> 0.10.10-1.FC1.1.legacy - - Updated to 0.10.10 to fix multiple security issues (FL#2453) * Wed Feb 23 2005 Marc Deslauriers <marcdeslauriers> 0.10.9-1.FC1.2.legacy - - Added the evil plugins hack to get plugins built * Tue Feb 8 2005 Marc Deslauriers <marcdeslauriers> 0.10.9-1.FC1.1.legacy - - Updated to 0.10.9 to fix multiple security issues (FL#2407) - - Added htmlview patch - - Changed BuildRequires to gtk2 FC2: * Mon Nov 28 2005 David Eisenstein <deisenst> 0.10.13-1.FC2.2.legacy - - Add autoconf, automake16, libtool BuildRequires. * Mon Nov 28 2005 David Eisenstein <deisenst> 0.10.13-1.FC2.1.legacy - - Updated to 0.10.13 to fix multiple security issues (Bug #152922) - - Removed the no-longer-needed ethereal-0.10.8-htmlview.patch - - Package /usr/sbin/randpkt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFDjSY9xou1V/j9XZwRAmEDAJ9yJBdWOlIvo6gL5yhsNFQulwRJaQCg51+R ox+saRsANQRP/9Y+EBpcgG0= =n8Dh -----END PGP SIGNATURE-----
Packages were pushed to updates-testing
*** Bug 174478 has been marked as a duplicate of this bug. ***
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA for RHL73 and RHL9. Signatures OK. Tethereal seems to work OK. Gnome-ethereal seems to work fine on RHL9. +VERIFY RHL73, RHL9 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFDl9oRGHbTkzxSL7QRAlLcAJ9VCTnUAJezp9ntMLu4I4oTjlq88ACfagw7 j9GrUpQ4zmFYm91b/LpTDtg= =X+8N -----END PGP SIGNATURE----- Timeout in 2 weeks
Timeout over..
Packages were released to updates.