| Summary: | etherape missing update for security issue CVE-2011-3369 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/464269/ | ||
| Whiteboard: | MGA1-32-OK MGA1-64-OK | ||
| Source RPM: | etherape-0.9.10-1.mga1.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2012-08-14 18:51:23 CEST
Testing complete on Mageia 1 i586 and x86-64. No poc that I could find, so just confirming the program works. Could someone from the sysadmin team push the srpm etherape-0.9.12-1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates. Advisory: Updated etherape package fixes security vulnerability: The add_conversation function in conversations.c in EtherApe before 0.9.12 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RPC packet, related to the get_rpc function in decode_proto.c (CVE-2011-3369). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3369 http://lists.opensuse.org/opensuse-updates/2011-10/msg00029.html https://bugs.mageia.org/show_bug.cgi?id=7056 Keywords:
(none) =>
validated_update Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0224 Status:
NEW =>
RESOLVED |