Oval Definition:oval:com.redhat.rhsa:def:20050687
Revision Date:2005-08-10Version:502
Title:RHSA-2005:687: ethereal security update (Moderate)
Description:The ethereal package is a program for monitoring network traffic.

A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws and cause Ethereal to crash or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-2360, CAN-2005-2361, CAN-2005-2362, CAN-2005-2363, CAN-2005-2364, CAN-2005-2365, CAN-2005-2366, and CAN-2005-2367 to these issues.

Users of ethereal should upgrade to these updated packages, which contain version 0.10.12 which is not vulnerable to these issues.

Note: To reduce the risk of future vulnerabilities in Ethereal, the ethereal and tethereal programs in this update have been compiled as Position Independant Executables (PIE) for Red Hat Enterprise Linux 3 and 4. In addition FORTIFY_SOURCE has been enabled for Red Hat Enterprise Linux 4 packages to provide compile time and runtime buffer checks.
Family:unixClass:patch
Status:Reference(s):CVE-2005-2360
CVE-2005-2361
CVE-2005-2362
CVE-2005-2363
CVE-2005-2364
CVE-2005-2365
CVE-2005-2366
CVE-2005-2367
RHSA-2005:687-01
Platform(s):Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • ethereal-gnome is earlier than 0:0.10.12-1.EL3.1
  • AND ethereal-gnome is signed with Red Hat master key
  • ethereal is earlier than 0:0.10.12-1.EL3.1
  • AND ethereal is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • ethereal-gnome is earlier than 0:0.10.12-1.EL4.1
  • AND ethereal-gnome is signed with Red Hat master key
  • ethereal is earlier than 0:0.10.12-1.EL4.1
  • AND ethereal is signed with Red Hat master key
    • BACK