[LWN Logo]
[Timeline]
Date: Thu, 23 Nov 2000 14:28:05 -0200
To: lwn@lwn.net, bugtraq@securityfocus.com, security-alert@linuxsecurity.com,
Subject: [CLSA-2000:342] Conectiva Linux Security Announcement - ethereal
From: secure@conectiva.com.br

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- -----------------------------------------------------------------------

PACKAGE   : ethereal
SUMMARY   : Buffer overflow allows remote exploit
DATE      : 2000-11-23 14:27:00
ID        : CLSA-2000:342
RELEVANT
RELEASES  : 5.0, 5.1

- ----------------------------------------------------------------------

DESCRIPTION
 Ethereal has some buffer overflows in some protocol decoders (mainly
 in AFS, but Netbios, ntp, icq, ppp and resolver also have possible
 buffer overflow problems). An attacker could send crafted packets to
 a network that is being monitored by ethereal to exploit these
 overflows.
 Version 0.8.14 fixes these problems.


SOLUTION
 All ethereal users should upgrade immediately.


DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/ethereal-0.8.14-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/ethereal-0.8.14-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/ethereal-0.8.14-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/ethereal-0.8.14-1cl.i386.rpm


- ----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be 
obtained at http://www.conectiva.com.br/contato

- -----------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://www.conectiva.com.br/suporte/atualizacoes

- ----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@papaleguas.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6HUWU42jd0JmAcZARAr38AJ48xl1mwehKxsjmhuiLSZw7pnhNQACgg8cg
O1ex+hMg4N8/TPXEL7Tl4AE=
=ffzE
-----END PGP SIGNATURE-----