ports/66766: Security update: net/ethereal from 0.10.3 to 0.10.4

Esa Karkkainen ejk at iki.fi
Mon May 17 17:40:01 UTC 2004 

>Number:         66766
>Category:       ports
>Synopsis:       Security update: net/ethereal from 0.10.3 to 0.10.4
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 17 10:40:00 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Esa Karkkainen
>Release:        FreeBSD 5.2.1-RELEASE-p6 i386
>Organization:
Is in state of disintegration
>Environment:
System: FreeBSD 5.2.1-RELEASE-p6 #6: Thu May 6 23:27:20 EEST 2004
Ports tree: cvsupped at Mon May 17 18:14 EEST 2004

>Description:
Cut and pasted from

http://www.ethereal.com/appnotes/enpa-sa-00014.html

---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
Name: Multiple security problems in Ethereal 0.10.3
Docid: enpa-sa-00014
Date: March 22, 2004
Versions affected: 0.9.8 up to and including 0.10.3

Impact:
It may be possible to make Ethereal crash or run arbitrary code by
injecting a purposefully malformed packet onto the wire, by convincing
someone to read a malformed packet trace file, or by creating a
malformed color filter file. 

Resolution: Upgrade to 0.10.4.

If you are running a version prior to 0.10.4 and you cannot upgrade, you
can disable all of the protocol dissectors listed above by selecting
Analyze->Enabled Protocols... and deselecting them from the list.
However, it is strongly recommended that you upgrade to 0.10.4. 
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---

>How-To-Repeat:
N/A
>Fix:

	I have compiled ethereal 0.10.4 with command
"make WITHOUT_SNMP=yes all" and I seem to have a working version of
ethereal 0.10.4.

diff -ruN /usr/ports/net/ethereal/Makefile ethereal/Makefile
--- /usr/ports/net/ethereal/Makefile	Wed Mar 31 18:18:16 2004
+++ ethereal/Makefile	Mon May 17 20:07:50 2004
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	ethereal
-PORTVERSION=	0.10.3
+PORTVERSION=	0.10.4
 CATEGORIES=	net ipv6
 MASTER_SITES=	ftp://ftp.ethereal.com/pub/ethereal/all-versions/ \
 		ftp://gd.tuwien.ac.at/infosys/security/ethereal/all-versions/ \
@@ -57,7 +57,7 @@
 .endif
 
 USE_LIBTOOL_VER=13
-LIBTOOLFILES=	configure epan/configure wiretap/configure doc/configure \
+LIBTOOLFILES=	configure wiretap/configure doc/configure \
 	      	plugins/gryphon/configure
 PLIST_SUB+=	PORTVERSION=${PORTVERSION}
 
diff -ruN /usr/ports/net/ethereal/distinfo ethereal/distinfo
--- /usr/ports/net/ethereal/distinfo	Wed Mar 31 18:18:16 2004
+++ ethereal/distinfo	Mon May 17 00:17:38 2004
@@ -1,2 +1,2 @@
-MD5 (ethereal-0.10.3.tar.bz2) = 6902272eb5304f57db76bf91abe453d1
-SIZE (ethereal-0.10.3.tar.bz2) = 4840005
+MD5 (ethereal-0.10.4.tar.bz2) = d889d4e6e26047afc5a2b74770c8ac88
+SIZE (ethereal-0.10.4.tar.bz2) = 4889371
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list