CentOS Errata and Security Advisory CESA-2006:0156-01
Ethereal is a program for monitoring network traffic.
Two denial of service bugs were found in Ethereal’s IRC and GTP protocol
dissectors. Ethereal could crash or stop responding if it reads a malformed
IRC or GTP packet off the network. The Common Vulnerabilities and Exposures
project (cve.mitre.org) assigned the names CVE-2005-3313 and CVE-2005-4585
to these issues.
A buffer overflow bug was found in Ethereal’s OSPF protocol dissector.
Ethereal could crash or execute arbitrary code if it reads a malformed OSPF
packet off the network. (CVE-2005-3651)
Users of ethereal should upgrade to these updated packages containing
version 0.10.14, which is not vulnerable to these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-January/074741.html
Affected packages:
ethereal
ethereal-gnome
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | ethereal | < 0.10.14-1.AS21.1 | ethereal-0.10.14-1.AS21.1.i386.rpm |
CentOS | 2 | i386 | ethereal-gnome | < 0.10.14-1.AS21.1 | ethereal-gnome-0.10.14-1.AS21.1.i386.rpm |