Context Navigation

← Previous Ticket
Next Ticket →

#1677 closed defect (fixed)

UPDATE: ethereal-0.10.3 (security fix)

Reported by:	jbenninghoff@…	Owned by:	opendarwin.org@…
Priority:	Normal	Milestone:
Component:	ports	Version:	1.0
Keywords:		Cc:	jbenninghoff@…
Port:

Description

Updates ethereal to 0.10.3. Tested on 10.3.3.

Fixes a security flaw discussed here: http://www.ethereal.com/appnotes/enpa-sa-00013.html Security Flaw Summary: It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file.

Attachments (1)

ethereal-update-diff (769 bytes) - added by jbenninghoff@… 21 years ago.: cvs-unidiff-patch

Download all attachments as: .zip

Change History (4)

Changed 21 years ago by jbenninghoff@…

Attachment:	ethereal-update-diff added

cvs-unidiff-patch

comment:1 Changed 21 years ago by opendarwin.org@…

Status:	new → assigned

comment:2 Changed 21 years ago by opendarwin.org@…

Tested w/ +pcre +net-snmp +adns on 10.3.2, appears to work just fine.

comment:3 Changed 21 years ago by toby@…

Resolution:	→ fixed
Status:	assigned → closed

Committed!

Note: See TracTickets for help on using tickets.

Download in other formats: