OpenSuSE has issued an advisory on October 24:
http://lists.opensuse.org/opensuse-updates/2011-10/msg00029.html
Updated package uploaded for Mageia 1.
Advisory:
========================
Updated etherape package fixes security vulnerability:
The add_conversation function in conversations.c in EtherApe before 0.9.12 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RPC packet, related to the get_rpc function in decode_proto.c (CVE-2011-3369).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3369
http://lists.opensuse.org/opensuse-updates/2011-10/msg00029.html
========================
Updated packages in core/updates_testing:
========================
etherape-0.9.12-1.mga1
from etherape-0.9.12-1.mga1.src.rpm
Testing complete on Mageia 1 i586 and x86-64.
No PoC that I could find, so just confirming the program works.
Could someone from the sysadmin team push the srpm etherape-0.9.12-1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates?
Advisory:
Updated etherape package fixes security vulnerability:
The add_conversation function in conversations.c in EtherApe before 0.9.12 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RPC packet, related to the get_rpc function in decode_proto.c (CVE-2011-3369).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3369
http://lists.opensuse.org/opensuse-updates/2011-10/msg00029.html
https://bugs.mageia.org/show_bug.cgi?id=7056
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: (none) => MGA1-32-OK MGA1-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0224
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED