Opened 18 years ago

Closed 18 years ago

Last modified 18 years ago

#1677 closed defect (fixed)

UPDATE: ethereal-0.10.3 (security fix)

Reported by: jbenninghoff@… Owned by: opendarwin.org@…
Priority: Normal Milestone:
Component: ports Version: 1.0
Keywords: Cc: jbenninghoff@…
Port:

Description

Updates ethereal to 0.10.3. Tested on 10.3.3.

Fixes a security flaw discussed here: http://www.ethereal.com/appnotes/enpa-sa-00013.html Security Flaw Summary: It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file.

Attachments (1)

ethereal-update-diff (769 bytes) - added by jbenninghoff@… 18 years ago.
cvs-unidiff-patch

Download all attachments as: .zip

Change History (4)

Changed 18 years ago by jbenninghoff@…

Attachment: ethereal-update-diff added

cvs-unidiff-patch

comment:1 Changed 18 years ago by opendarwin.org@…

Status: newassigned

comment:2 Changed 18 years ago by opendarwin.org@…

Tested w/ +pcre +net-snmp +adns on 10.3.2, appears to work just fine.

comment:3 Changed 18 years ago by toby@…

Resolution: fixed
Status: assignedclosed

Committed!

Note: See TracTickets for help on using tickets.