Yellow Dog Linux Security Announcement
--------------------------------------

Package:	ethereal 
Issue Date:	Apr 23,2003   
Priority:	medium
Advisory ID: 	YDU-20030423-1


1. 	Topic:

	Updated ethereal packages are available.


2. 	Problem:
	
	"Ethereal is a package designed for monitoring network traffic on your
	system.

	Ethereal 0.9.9 and earlier allows remote attackers to cause a denial
	of service (crash) and possibly execute arbitrary code via carefully
	crafted SOCKS packets. Red Hat would like to thank Georgi Guninski for
	reporting this issue.

	Additionally, a heap-based buffer overflow in the NTLMSSP code for Ethereal
	0.9.9 and earlier allows remote attackers to cause a denial of service and
	possibly execute arbitrary code.

	Users of Ethereal should update to the erratum packages containing Ethereal
	version 0.9.11 which are not vulnerable to these issues."
	(From Red Hat Advisory)


3. 	Solution:

   	a) Updating via apt...
   	We suggest that you use the apt-get program to keep your
   	system up-to-date. The following command(s) will retrieve
   	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install ethereal 

   	b) Updating manually...
	Download the updates below and then run the following rpm command.
   	(Please use a mirror site)

		rpm -Fvh [filenames]
		Yellow Dog Linux 3.0
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
			ppc/ethereal-0.9.11-0.90.1a.ppc.rpm 
			ppc/ethereal-gnome-0.9.11-0.90.1a.ppc.rpm

		Yellow Dog Linux 2.3
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
			ppc/ethereal-0.9.11-1.73.0a.ppc.rpm
			ppc/ethereal-gnome-0.9.11-1.73.0a.ppc.rpm


4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
[Yellow Dog Linux 3.0]
c72bcb06dded0116239bf940e1d3ed33   SRPMS/ethereal-0.9.11-0.90.1a.src.rpm
78640f354915c0f8d8248e00a756a34a   ppc/ethereal-0.9.11-0.90.1a.ppc.rpm
42bfa831f44713e34481c696668c3c96   ppc/ethereal-gnome-0.9.11-0.90.1a.ppc.rpm

[Yellow Dog Linux 2.3]
a99be12ae020124a2908cbf372857ac6  SRPMS/ethereal-0.9.11-1.73.0a.src.rpm
2ef8133b441b3277434879c62253c5a7  ppc/ethereal-gnome-0.9.11-1.73.0a.ppc.rpm
a2826d63eb681a1a59debca17d14a0da  ppc/ethereal-0.9.11-1.73.0a.ppc.rpm

If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: md5sum <filename>


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml