ethereal security update

ID CESA-2005:687-01
Type centos
Reporter CentOS Project
Modified 2005-08-10T23:18:03


CentOS Errata and Security Advisory CESA-2005:687-01

The ethereal package is a program for monitoring network traffic.

A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws and cause Ethereal to crash or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project has assigned the names CAN-2005-2360, CAN-2005-2361, CAN-2005-2362, CAN-2005-2363, CAN-2005-2364, CAN-2005-2365, CAN-2005-2366, and CAN-2005-2367 to these issues.

Users of ethereal should upgrade to these updated packages, which contain version 0.10.12, which is not vulnerable to these issues.

Note: To reduce the risk of future vulnerabilities in Ethereal, the ethereal and tethereal programs in this update have been compiled as Position Independent Executables (PIE) for Red Hat Enterprise Linux 3 and 4. In addition, FORTIFY_SOURCE has been enabled for Red Hat Enterprise Linux 4 packages to provide compile-time and run-time buffer checks.
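
One way to confirm the hardening described in the note on an installed binary (an added example, not part of the advisory or of the CentOS packages): it reads the ELF header to see whether the file is position independent and lists the fortified `__*_chk` libc calls it references. The function names and the sample header builder are assumptions made for this illustration, and the sample bytes are constructed.

```python
import re
import struct
import sys

ET_EXEC, ET_DYN = 2, 3  # ELF e_type values: fixed-address executable / PIE or shared object
# Fortified libc wrappers are named __<func>_chk; requiring the trailing NUL
# keeps stack-protector symbols such as __stack_chk_fail out of the result.
CHK_SYMBOL = re.compile(rb"__[a-z0-9_]+_chk(?=\x00)")


def elf_hardening(data: bytes) -> dict:
    """Report PIE and FORTIFY_SOURCE indicators for an ELF image."""
    if len(data) < 18 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    # EI_DATA (byte 5): 1 = little-endian, 2 = big-endian
    if data[5] not in (1, 2):
        raise ValueError("unknown ELF byte order")
    endian = "<" if data[5] == 1 else ">"
    # e_type is a 16-bit field at offset 16 in both ELF32 and ELF64
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    # Heuristic: an empty list does not prove FORTIFY_SOURCE was off, only
    # that no call in this binary was replaced by a checked variant.
    calls = sorted({m.group().decode() for m in CHK_SYMBOL.finditer(data)})
    return {"pie": e_type == ET_DYN, "e_type": e_type, "fortified_calls": calls}


def sample_elf(e_type: int, strtab: bytes = b"") -> bytes:
    """Constructed 64-byte ELF64 little-endian header plus a fake string table."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    return ident + struct.pack("<H", e_type) + bytes(46) + strtab


if __name__ == "__main__":
    # Pass the paths of the binaries to inspect on the command line.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, elf_hardening(fh.read()))
```

A shared library is also `ET_DYN`, so the `pie` flag is meaningful only when the script is pointed at a program file.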

Merged security bulletin from advisories:

Affected packages: ethereal ethereal-gnome

Upstream details at: