Ethereal-announce: [Ethereal-announce] Ethereal 0.10.11 is now available
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Gerald Combs <gerald@xxxxxxxxxxxx>
Date: Wed, 04 May 2005 20:28:34 -0500
Ethereal 0.10.11 has been released. An aggressive testing program as well as independent discovery has turned up a multitude of security issues:

  The ANSI A dissector was susceptible to format string vulnerabilities. Discovered by Bryan Fulton.
  Versions affected: 0.9.15 to 0.10.10

  The GSM MAP dissector could crash.
  Versions affected: 0.10.0 to 0.10.10

  The AIM dissector could cause a crash.
  Versions affected: 0.9.14 to 0.10.10

  The DISTCC dissector was susceptible to a buffer overflow. Discovered by Ilja van Sprundel.
  Versions affected: 0.9.13 to 0.10.10

  The FCELS dissector was susceptible to a buffer overflow. Discovered by Neil Kettle.
  Versions affected: 0.9.9 to 0.10.10

  The SIP dissector was susceptible to a buffer overflow. Discovered by Ejovi Nuwere.
  Versions affected: 0.10.0 to 0.10.10

  The KINK dissector was susceptible to a null pointer exception, endless looping, and other problems.
  Versions affected: 0.10.10

  The LMP dissector was susceptible to an endless loop.
  Versions affected: 0.9.4 to 0.10.10

  The Telnet dissector could abort.
  Versions affected: 0.9.10 to 0.10.10

  The TZSP dissector could cause a segmentation fault.
  Versions affected: 0.10.10 to 0.10.10

  The WSP dissector was susceptible to a null pointer exception and assertions.
  Versions affected: 0.10.0 to 0.10.10

  The 802.3 Slow protocols dissector could throw an assertion.
  Versions affected: 0.10.10

  The BER dissector could throw assertions.
  Versions affected: 0.10.2 to 0.10.10

  The SMB Mailslot dissector was susceptible to a null pointer exception and could throw assertions.
  Versions affected: 0.9.0 to 0.10.10

  The H.245 dissector was susceptible to a null pointer exception.
  Versions affected: 0.10.10

  The Bittorrent dissector could cause a segmentation fault.
  Versions affected: 0.10.8 to 0.10.10

  The SMB dissector could cause a segmentation fault and throw assertions.
  Versions affected: 0.9.0 to 0.10.10

  The Fibre Channel dissector could cause a crash.
  Versions affected: 0.9.9 to 0.10.10

  The DICOM dissector could attempt to allocate large amounts of memory.
  Versions affected: 0.10.4 to 0.10.10

  The MGCP dissector was susceptible to a null pointer exception, could loop indefinitely, and segfault.
  Versions affected: 0.8.14 to 0.10.10

  The RSVP dissector could loop indefinitely.
  Versions affected: 0.9.8 to 0.10.10

  The DHCP dissector was susceptible to format string vulnerabilities, and could abort.
  Versions affected: 0.10.7 to 0.10.10

  The SRVLOC dissector could crash unexpectedly or go into an infinite loop.
  Versions affected: 0.9.8 to 0.10.10

  The EIGRP dissector could loop indefinitely.
  Versions affected: 0.8.18 to 0.10.10

  The ISIS dissector could overflow a buffer.
  Versions affected: 0.8.18 to 0.10.10

  The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explicit, PKIX Qualified, and X.509 dissectors could overflow buffers.
  Versions affected: 0.10.4 to 0.10.10

  The NDPS dissector could exhaust system memory or cause an assertion, or crash.
  Versions affected: 0.9.12 to 0.10.10

  The Q.931 dissector could try to free a null pointer and overflow a buffer.
  Versions affected: 0.10.10

  The IAX2 dissector could throw an assertion.
  Versions affected: 0.10.1 to 0.10.10

  The ICEP dissector could try to free the same memory twice.
  Versions affected: 0.10.7 to 0.10.10

  The MEGACO dissector was susceptible to an infinite loop and a buffer overflow.
  Versions affected: 0.9.14 to 0.10.10

  The DLSw dissector was susceptible to an infinite loop.
  Versions affected: 0.9.1 to 0.10.10

  The RPC dissector was susceptible to a null pointer exception.
  Versions affected: 0.9.2 to 0.10.10

  The NCP dissector could overflow a buffer or loop for a large amount of time.
  Versions affected: 0.10.5 to 0.10.10

  The RADIUS dissector could throw an assertion.
  Versions affected: 0.10.3 to 0.10.10

  The GSM dissector could access an invalid pointer.
  Versions affected: 0.10.10

  The SMB PIPE dissector could throw an assertion.
  Versions affected: 0.9.0 to 0.10.10

  The L2TP dissector was susceptible to an infinite loop.
  Versions affected: 0.10.9 to 0.10.10

  The SMB NETLOGON dissector could dereference a null pointer.
  Versions affected: 0.9.12 to 0.10.10

  The MRDISC dissector could throw an assertion.
  Versions affected: 0.8.19 to 0.10.10

  The ISUP dissector could overflow a buffer or cause a segmentation fault.
  Versions affected: 0.8.19 to 0.10.10

  The LDAP dissector could crash.
  Versions affected: 0.10.1 to 0.10.10

  The TCAP dissector could overflow a buffer or throw an assertion.
  Versions affected: 0.10.8 to 0.10.10

  The NTLMSSP dissector could crash.
  Versions affected: 0.9.7 to 0.10.10

  The Presentation dissector could overflow a buffer.
  Versions affected: 0.10.1 to 0.10.10

  Additionally, a number of dissectors could throw an assertion when passing an invalid protocol tree item length.
  Versions affected: 0.10.8 to 0.10.10

Please see the following advisory for more information:

  http://www.ethereal.com/appnotes/enpa-sa-00019.html

Everyone is encouraged to upgrade.

New and updated features

Many user interface improvements have been made:

  The toolbar has been updated.
  Packet detail tree items can be expanded and collapsed with the right and left arrow keys.
  The status bar display has been improved.
  Live captures can now be restarted from the toolbar.

More improvements have been made to the ring buffer feature.

Display filters are now faster.

The capture engine has received major updates.

New protocol support

  9P, Aruba ADP, Camel, DRSUAPI, DUA, HPSW, Monotone Netsync, nettl, UMA, VNC (RFB)

Updated protocol support

  ACSE, AgentX, AIM, AMR, ANSI A, ASN.1 BER/PER, ATM, ATSVC, BACapp, BOOTP/DHCP, CDP, CMIP, CMP, CMS, CRMF, DCERPC, DHCPFO, DIAMETER, DICOM, DISTCC, DLSw, EFS, EIGRP, EPM, ESIS, ESS, ETHERIC, Ethernet, FC, FCELS, FCP, FTAM, G.723, GIOP, GRE, GSM, GSS-API, GTP, H.225, H.245, H.263, HTTP, IAX2, ICEP, IEEE 802.11, IEEE 802.3 Slow protocols, INAP, IP, IPsec, ISAKMP, iSCSI, ISIS, ISL, ISMP, ISUP, JXTA, Kerberos, KINK, Kpasswd, L2TP, LDAP, LMP, M3UA, MANOLITO, MEGACO, MGCP, MIP6, MMSE, MQ, MRDISC, MTP2, NCP, NDMP, NDPS, NFS, NLM, OCSP, OSI options, PIM, PKIX1Explicit, PKIX Qualified, PKTC, Portmap, PPP, PRES, PROFINET DCP, Q.2931, Q.931, Q.933, RADIUS, RDM, RPC, RSVP, RTP, RTSP, RX, SCCP, SCSI, SCTP, SDP, sFlow, SIP, SKINNY, SM, SMB (SMB, PIPE, LOGON, Mailslot), SNA, SPNEGO, SRVLOC, SUA, TCAP, TCP, Telnet, TFTP, TZSP, Vines, WSP, X11, X.509, XML

New and updated capture file support

  5Views, HP nettl

Download Sites

The source code, Windows and Solaris installers can be downloaded immediately from the following locations:

Main site:

  Source:
    http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
    http://www.ethereal.com/distribution/ethereal-0.10.11.tar.bz2

  Windows installer:
    http://www.ethereal.com/distribution/win32/ethereal-setup-0.10.11.exe

  Solaris installers:
    http://www.ethereal.com/distribution/solaris/

SourceForge:

  http://sourceforge.net/project/showfiles.php?group_id=255

The mirror sites listed at http://www.ethereal.com/download.html#releases should be updated shortly.