May 2005
Two Mandriva Linux Update Advisories: 1. MDKA-2005:024 - drakxtools 2. MDKSA-2005:083 - ethereal
ID: 00401
Ref: 371/2005
Date: 12 May 2005:14:53:16
Version: 1
Title: Two Mandriva Linux Update Advisories: 1. MDKA-2005:024 - drakxtools 2. MDKSA-2005:083 - ethereal
Abstract:
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva
Detail
======
1. Packages are available for drakxtools that fix various bugs in
individual components:
- drakfirewall blocked the connection by default
- drakconnect wasn't correctly (re)configuring ndiswrapper
- drakconnect wasn't detecting the proper driver name for a few bogus
kernel drivers
- drakroam wasn't properly listing available networks
2. A number of vulnerabilities were discovered in previous versions of
Ethereal that have been fixed in the 0.10.11 release.
1.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Update Advisory
_______________________________________________________________________
Package name:
Date: May 11th, 2005
Affected versions: 10.2
______________________________________________________________________
Problem Description:
Packages are available for drakxtools that fix various bugs in
individual components:
- drakfirewall blocked the connection by default
- drakconnect wasn't correctly (re)configuring ndiswrapper
- drakconnect wasn't detecting the proper driver name for a few bogus
kernel drivers
- drakroam wasn't properly listing available networks
The updated packages correct these issues.
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.2:
7af8c57639c6c0a21787356e17c16850 10.2/RPMS/drakx-finish-install-10.2-24.1.102mdk.i586.rpm
44814e0910b18c45a1ef349cae4c3778 10.2/RPMS/drakxtools-10.2-24.1.102mdk.i586.rpm
09edc2a4e64b5b0eca09c5cd789c5b74 10.2/RPMS/drakxtools-backend-10.2-24.1.102mdk.i586.rpm
fd07f9140b3ffab6ad9f9d603f5ee4ab 10.2/RPMS/drakxtools-http-10.2-24.1.102mdk.i586.rpm
ddd797217aa29be0f127796a5b71272f 10.2/RPMS/drakxtools-newt-10.2-24.1.102mdk.i586.rpm
2b120337e79c352e7bb8518faffba8a1 10.2/RPMS/harddrake-10.2-24.1.102mdk.i586.rpm
b7a1c01ca71d189c525aed509b477f0b 10.2/RPMS/harddrake-ui-10.2-24.1.102mdk.i586.rpm
a561d0b8cc8e27cefb507cbf9b0c36ce 10.2/SRPMS/drakxtools-10.2-24.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
eb50e28db487d4fbc9fe6a1bf8b3ca61 x86_64/10.2/RPMS/drakx-finish-install-10.2-24.1.102mdk.x86_64.rpm
969c6f6fa5999c598b82383926b1d630 x86_64/10.2/RPMS/drakxtools-10.2-24.1.102mdk.x86_64.rpm
bcc4be9b4e94e7b1100bca74aa968244 x86_64/10.2/RPMS/drakxtools-backend-10.2-24.1.102mdk.x86_64.rpm
e6f1bcadbffe5f8083c48487d90992c6 x86_64/10.2/RPMS/drakxtools-http-10.2-24.1.102mdk.x86_64.rpm
324b68254ae054cdc808f7a1c11cab45 x86_64/10.2/RPMS/drakxtools-newt-10.2-24.1.102mdk.x86_64.rpm
53c9c3a431f4728c43167e6bbc7b8505 x86_64/10.2/RPMS/harddrake-10.2-24.1.102mdk.x86_64.rpm
188db30b8e1fda82765325d366d6865e x86_64/10.2/RPMS/harddrake-ui-10.2-24.1.102mdk.x86_64.rpm
a561d0b8cc8e27cefb507cbf9b0c36ce x86_64/10.2/SRPMS/drakxtools-10.2-24.1.102mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCgn6qmqjQ0CJFipgRAn/aAJ9qofRRJ4f94GtpO2YiphNMhxH9gQCeMO3B
JvcGHmJrIX5h6T3kwmHJVWU=
=xD/8
- -----END PGP SIGNATURE-----
2.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: ethereal
Advisory ID: MDKSA-2005:083
Date: May 10th, 2005
Affected versions: 10.1, 10.2
______________________________________________________________________
Problem Description:
A number of vulnerabilities were discovered in previous versions of
Ethereal that have been fixed in the 0.10.11 release, including:
- The ANSI A and DHCP dissectors are vulnerable to format string
vulnerabilities.
- The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP,
PKIX1Explicit, PKIX Qualified, X.509, Q.931, MEGACO, NCP, ISUP, TCAP
and Presentation dissectors are vulnerable to buffer overflows.
- The KINK, WSP, SMB Mailslot, H.245, MGCP, Q.931, RPC, GSM and SMB
NETLOGON dissectors are vulnerable to pointer handling errors.
- The LMP, KINK, MGCP, RSVP, SRVLOC, EIGRP, MEGACO, DLSw, NCP and
L2TP dissectors are vulnerable to looping problems.
- The Telnet and DHCP dissectors could abort.
- The TZSP, Bittorrent, SMB, MGCP and ISUP dissectors could cause a
segmentation fault.
- The WSP, 802.3 Slow protocols, BER, SMB Mailslot, SMB, NDPS, IAX2,
RADIUS, SMB PIPE, MRDISC and TCAP dissectors could throw assertions.
- The DICOM, NDPS and ICEP dissectors are vulnerable to memory
handling errors.
- The GSM MAP, AIM, Fibre Channel, SRVLOC, NDPS, LDAP and NTLMSSP
dissectors could terminate abnormally.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1470
http://www.ethereal.com/appnotes/enpa-sa-00019.html
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
ae2866749c7a3ceebbd6550ef5a29154 10.1/RPMS/ethereal-0.10.11-0.1.101mdk.i586.rpm
7a27b1b13fd7b9232f078f3c803863c8 10.1/RPMS/ethereal-tools-0.10.11-0.1.101mdk.i586.rpm
b32725663f41c817169c650c04dff15e 10.1/RPMS/libethereal0-0.10.11-0.1.101mdk.i586.rpm
f995c192659c93c5a77d12ff0dfb74e3 10.1/RPMS/tethereal-0.10.11-0.1.101mdk.i586.rpm
0d2e9e9478b964b9de67e10dab5996d7 10.1/SRPMS/ethereal-0.10.11-0.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
a6fdb42381866c6c2df04732a0e2e2f0 x86_64/10.1/RPMS/ethereal-0.10.11-0.1.101mdk.x86_64.rpm
285be2e4fff2cec54772d08daf994c0f x86_64/10.1/RPMS/ethereal-tools-0.10.11-0.1.101mdk.x86_64.rpm
a672830433d1bd9c044d081116311406 x86_64/10.1/RPMS/lib64ethereal0-0.10.11-0.1.101mdk.x86_64.rpm
da5bb65a0ac86ad8510c9c82c6c3c798 x86_64/10.1/RPMS/tethereal-0.10.11-0.1.101mdk.x86_64.rpm
0d2e9e9478b964b9de67e10dab5996d7 x86_64/10.1/SRPMS/ethereal-0.10.11-0.1.101mdk.src.rpm
Mandrakelinux 10.2:
f6d236307d9366150aa2cf900b77ad4b 10.2/RPMS/ethereal-0.10.11-0.1.102mdk.i586.rpm
e146cf60690d907aaeb569f59cde8e37 10.2/RPMS/ethereal-tools-0.10.11-0.1.102mdk.i586.rpm
a6ee5615d66e5b33ffe05270069fa921 10.2/RPMS/libethereal0-0.10.11-0.1.102mdk.i586.rpm
fa4398c9e4947faff78750b289ee922c 10.2/RPMS/tethereal-0.10.11-0.1.102mdk.i586.rpm
0b13985c69b63df65775240b8991c07e 10.2/SRPMS/ethereal-0.10.11-0.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
7c9dc07574f92df6e3920da6c1320cfb x86_64/10.2/RPMS/ethereal-0.10.11-0.1.102mdk.x86_64.rpm
5684d61528aa353ee5ce58d8c99317f9 x86_64/10.2/RPMS/ethereal-tools-0.10.11-0.1.102mdk.x86_64.rpm
ce979043e16801b2b4565fb2dae4e18f x86_64/10.2/RPMS/lib64ethereal0-0.10.11-0.1.102mdk.x86_64.rpm
1e5af06f5eb143a956fd3a0ee88109e0 x86_64/10.2/RPMS/tethereal-0.10.11-0.1.102mdk.x86_64.rpm
0b13985c69b63df65775240b8991c07e x86_64/10.2/SRPMS/ethereal-0.10.11-0.1.102mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCgWxJmqjQ0CJFipgRAhvNAKCUHZqNrYOvYKvnHSyZEPV3RivIRQCg74gK
SeqOmD4frQK02Lp3wYd9qzQ=
=ZgKm
- -----END PGP SIGNATURE-----
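
Both advisories say MandrakeUpdate and urpmi check the md5 checksums automatically. For packages fetched by hand, the following added example (not part of the Mandriva advisories or of this bulletin) parses the "Updated Packages" lines and checks downloaded files against them. The function names and the sample file names are assumptions made for illustration. A matching MD5 only shows the file is the one the advisory lists; authenticity still rests on the GPG signatures of the advisory and of the packages.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Manifest line as printed in the advisory: 32 hex digits, then a relative path.
MANIFEST_LINE = re.compile(r"^\s*([0-9a-fA-F]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(advisory_text):
    """Map rpm file name -> expected MD5, ignoring every non-manifest line."""
    expected = {}
    for line in advisory_text.splitlines():
        m = MANIFEST_LINE.match(line)
        if not m:
            continue
        digest, name = m.group(1).lower(), Path(m.group(2)).name
        # SRPMs are listed once per architecture; the digests must agree.
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests listed for {name}")
    return expected

def md5_of(path, chunk=1 << 20):
    """Hash the file in chunks so large packages are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(advisory_text, directory):
    """Sort each *.rpm in `directory` into ok / mismatch / unlisted."""
    expected = parse_manifest(advisory_text)
    result = {"ok": [], "mismatch": [], "unlisted": []}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        if rpm.name not in expected:
            result["unlisted"].append(rpm.name)
        elif md5_of(rpm) == expected[rpm.name]:
            result["ok"].append(rpm.name)
        else:
            result["mismatch"].append(rpm.name)
    return result

if __name__ == "__main__":
    # Constructed sample: two stand-in files, one altered after the manifest was made.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "demo-1.0-1mdk.i586.rpm").write_bytes(b"payload")
        Path(d, "demo-tools-1.0-1mdk.i586.rpm").write_bytes(b"tampered")
        listed = hashlib.md5(b"payload").hexdigest()
        manifest = (f"{listed} 10.2/RPMS/demo-1.0-1mdk.i586.rpm\n"
                    f"{listed} 10.2/RPMS/demo-tools-1.0-1mdk.i586.rpm\n")
        print(verify_downloads(manifest, d))
```

Files reported as mismatch or unlisted should be discarded and fetched again rather than installed.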