Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: CVE-2005-3249: ethereal: new version fixes several security-related bugs | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Thomas Biege <thomas> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P5 - None | CC: | postadal, security-team |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| Whiteboard: | CVE-2005-3249: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) | | |
| Found By: | Other | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | mentioned file | | |

Description
Thomas Biege
2005-10-17 07:05:05 UTC
Thomas, could I prepare a version update to save time? (same as last time we did it)

Yes, please do a version update. It is probably too time-extensive to separate a patch.

CAN-2005-3241
  ISAKMP "exhaust system memory" from 0.10.11 to 0.10.12
  FC-FCS "exhaust system memory" from 0.9.0 to 0.10.12
  RSVP "exhaust system memory" from 0.9.4 to 0.10.12
  ISIS LSP "exhaust system memory" from 0.8.18 to 0.10.12

CAN-2005-3242
  IrDA crash from 0.10.0 to 0.10.12
  SMB crash from 0.9.7 to 0.10.12

CAN-2005-3243
  SLIMP3 "buffer overflow" from 0.9.1 to 0.10.12
  AgentX "buffer overflow" from 0.10.10 to 0.10.12

CAN-2005-3244
  BER "infinite loop" from 0.10.3 to 0.10.12

CAN-2005-3245
  ONC RPC "exhaust system memory" from 0.7.7 to 0.10.12

CAN-2005-3246
  SCSI "null dereference" from 0.10.3 to 0.10.12
  sFlow "null dereference" from 0.9.14 to 0.10.12
  RTnet "null dereference" from 0.10.8 to 0.10.12

CAN-2005-3247
  SigComp UDVM "infinite loop or crash" 0.10.12

CAN-2005-3248
  X11 "divide by zero" from 0.10.1 to 0.10.12

CAN-2005-3249
  WSP "free an invalid pointer" from 0.10.1 to 0.10.12

CAN-2005-3184 (already assigned to iDEFENSE)
  SRVLOC "buffer overflow (iDEFENSE)" from 0.10.0 to 0.10.12

Submitted for sles8, sles9, 9.1, 9.2, 9.3, 10.0 and STABLE.

Maintenance-Tracker-2654

I will do patchinfos.

The 9.0 version is missing...

9.0 submitted.

Date: Wed, 26 Oct 2005 11:32:31 +0200
From: Thierry Carrez <koon@gentoo.org>
To: Gerald Combs <gerald@ethereal.com>
Cc: vendor-sec@lst.de
Subject: Re: [vendor-sec] Upcoming Ethereal release (0.10.13) fixes several vulnerabilities

[-- Anhang #1 --]
[-- Typ: text/plain, Kodierung: 7bit, Größe: 0,6K --]

Gerald Combs wrote:
> A couple of last-minute bugs popped up. 0.10.13 is now available on the
> Ethereal web site.

Gerald,

We are preparing Gentoo packages for ethereal-0.10.13 and during QA we observed a freeze (with 100% CPU usage) when loading the attached dump.pkt capture file in ethereal. This has been observed at least on x86 and amd64.

"tethereal -r dump.pkt" opens the file OK. Ethereal 0.10.12 opens the file OK. The regression currently blocks our security release.

vendor-sec members might want to double-check their security releases using this file too.

Regards,
--
Thierry Carrez (Koon)
Gentoo Linux Security

Created attachment 55508: mentioned file

Do we need the fix?

Date: Wed, 26 Oct 2005 09:57:24 -0500
From: Gerald Combs <gerald@ethereal.com>
To: Thierry Carrez <koon@gentoo.org>
Cc: vendor-sec@lst.de
Subject: Re: [vendor-sec] Upcoming Ethereal release (0.10.13) fixes several vulnerabilities

Thierry Carrez wrote:
> Gerald Combs wrote:
>
>>A couple of last-minute bugs popped up. 0.10.13 is now available on the
>>Ethereal web site.
>
> Gerald,
>
> We are preparing Gentoo packages for ethereal-0.10.13 and during QA we
> observed a freeze (with 100% CPU usage) when loading the attached
> dump.pkt capture file in ethereal. This has been observed at least on
> x86 and amd64.
>
> "tethereal -r dump.pkt" opens the file OK. Ethereal 0.10.12 opens the
> file OK. The regression currently blocks our security release.

"tethereal -Vr dump.pkt" triggered the bug here.

> vendor-sec members might want to double-check their security releases
> using this file too.

The problem was an infinite loop in the IRC dissector. It was discovered by our build system on the 23rd:

http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=548

and fixed on the 24th in revision 16290:

http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/epan/dissectors/packet-irc.c

It was introduced 4 weeks ago. Unfortunately it made it into the 0.10.13 release.

BTW, may we add the capture file you sent (dump.pkt) to our collection of test captures? It would be used for the "menagerie" tests at http://buildbot.ethereal.com/.

_______________________________________________
Vendor Security mailing list
Vendor Security@lst.de
https://www.lst.de/cgi-bin/mailman/listinfo/vendor-sec

YES we need it.

Patch added to all distros and submitted.

CVE-2005-3313 for the new issue

Updates released, thanks!

CVE-2005-3249: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
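
Added example (not part of the bug report, and not Ethereal's or SUSE's own tooling): in the thread the hang showed up with `tethereal -Vr dump.pkt` while `tethereal -r dump.pkt` opened the file, so a packaging QA pass has to replay every test capture in both modes under a time limit. The sketch below does that with coreutils `timeout`; `DISSECT_BIN`, `LIMIT` and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: replay capture files through a dissector CLI under a time limit.
# Assumptions: DISSECT_BIN defaults to tethereal (the command named in the thread);
# LIMIT (seconds) is a constructed threshold, not a value taken from the thread.
DISSECT_BIN=${DISSECT_BIN:-tethereal}
LIMIT=${LIMIT:-60}

# run_capture FLAGS FILE [SECONDS] -> prints ok | hang | crash | error
run_capture() {
    rc=0
    # DISSECT_BIN is left unquoted on purpose so it may carry a wrapper command.
    timeout "${3:-$LIMIT}" $DISSECT_BIN "$1" "$2" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 0 ]; then echo ok
    elif [ "$rc" -eq 124 ]; then echo hang     # timeout(1) had to stop the process
    elif [ "$rc" -gt 128 ]; then echo crash    # died on a signal, e.g. SIGSEGV
    else echo error                            # ordinary non-zero exit
    fi
}

# scan_captures FILE... -> one result line per file and mode;
# returns 1 if any run hung or crashed, so a build job can fail on it.
scan_captures() {
    bad=0
    for f in "$@"; do
        for flags in -r -Vr; do   # summary pass, then full-detail dissection
            res=$(run_capture "$flags" "$f")
            printf '%s\t%s\t%s\n' "$res" "$flags" "$f"
            case $res in hang|crash) bad=1 ;; esac
        done
    done
    return "$bad"
}

# Replay the capture files given on the command line, if any.
if [ "$#" -gt 0 ]; then scan_captures "$@"; fi
```

Running both `-r` and `-Vr` matters because, as the thread shows, a dissector loop can be reached only when full packet detail is generated.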