Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 20 Nov 2000 17:38:59 -0800 (PST)
From:      joseph@randomnetworks.com
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/22999: UPDATE of net/ethereal (0.8.13 -> 0.8.14) (security fix also)
Message-ID:  <200011210138.eAL1cxE24495@rodan.water-programs.com>

next in thread | raw e-mail | index | archive | help

>Number:         22999
>Category:       ports
>Synopsis:       UPDATE of net/ethereal (0.8.13 -> 0.8.14) (security fix also)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 20 17:40:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Joseph Scott
>Release:        FreeBSD 4.2-BETA i386
>Organization:
randomnetworks.com
>Environment:

ports collection

>Description:

There was a post on bugtraq describing a buffer overflow in ethereal 0.8.13.
The port was then marked as FORBIDDEN.
Since then ethereal 0.8.14 has been released, which fixes the buffer overflow,
in addition to some new dissectors.  From the ethereal web site :

"An exploit for a buffer overrun in the AFS dissector was recently released on 
BugTraq. Ethereal 0.8.14 fixes this and other possibly-exploitable overruns. 
Also new in 0.8.14 are dissectors for WAP, SIP, AIM/OSCAR, 802.11, GIOP v1.2, 
and MGCP (plugin). Other dissectors were updated as well. Be sure to upgrade to
0.8.14 as soon as possible."

For this reason I marked the pr as serious. 

>How-To-Repeat:


>Fix:

this diff was generated from /usr/ports, by :
	diff -ruN net/ethereal.orig net/ethereal
----------------------------------------------
diff -ruN net/ethereal.orig/Makefile net/ethereal/Makefile
--- net/ethereal.orig/Makefile  Mon Nov 20 17:32:26 2000
+++ net/ethereal/Makefile       Mon Nov 20 17:32:43 2000
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=      ethereal
-PORTVERSION=   0.8.13
+PORTVERSION=   0.8.14
 CATEGORIES=    net ipv6
 MASTER_SITES=  ftp://ftp.ethereal.com/pub/ethereal/ \
                ftp://gd.tuwien.ac.at/infosys/security/ethereal/ \
@@ -14,7 +14,6 @@
                ftp://the.wiretapped.net/pub/security/packet-sniffing/ethereal/
 
 MAINTAINER=    billf@FreeBSD.org
-FORBIDDEN=     "Remotely exploitable buffer overflow; identical to Security Advisory 00:61"
 
 USE_X_PREFIX=  yes
 USE_GTK=       yes
diff -ruN net/ethereal.orig/distinfo net/ethereal/distinfo
--- net/ethereal.orig/distinfo  Mon Nov 20 17:32:26 2000
+++ net/ethereal/distinfo       Mon Nov 20 17:33:03 2000
@@ -1 +1 @@
-MD5 (ethereal-0.8.13.tar.gz) = 27c799d82573a4d88354938aba0c6325
+MD5 (ethereal-0.8.14.tar.gz) = 470dd018c417a4bd31f1fafdc57cfe06

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011210138.eAL1cxE24495>