Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#4565 - Ethereal - DoS Vulnerability - ALST
Attached to Project:
Arch Linux
Opened by James Fryman (jfryman) - Thursday, 04 May 2006, 13:06 GMT
Last edited by Judd Vinet (judd) - Thursday, 04 May 2006, 16:23 GMT
Opened by James Fryman (jfryman) - Thursday, 04 May 2006, 13:06 GMT
Last edited by Judd Vinet (judd) - Thursday, 04 May 2006, 16:23 GMT
This task depends upon
---------------------
Time to upgrade Ethereal...
Published: 2006-04-25,
Last Updated: 2006-04-25 16:43:55 UTC by Pedro Bueno (Version: 1)
Yes, if you use Ethereal, it is time to upgrade. According an advisory posted by Frsirt, 28 vulnerabilities has been identified in Ethereal "which could be exploited by remote attackers to compromise a vulnerable system or cause a denial of service."
Ethereal released a new versin to fix those, on its version 0.99, which you can find here.
Versions that were confirmed to be vulnerable are: Ethereal 0.8.5 through 0.10.14
I think this is should be patched urgently and not be put on hold, especially as beside these security issues, it is very easy to upgrade (just a recompile with the current PKGBUILD, only changing version and md5sum worked for me) with no impact on any other package.