ethereal security update

2006-05-03T17:41:25
ID CESA-2006:0420
Type centos
Reporter CentOS Project
Modified 2006-05-04T03:40:37

Description

CentOS Errata and Security Advisory CESA-2006:0420

Ethereal is a program for monitoring network traffic.

Several denial of service bugs were found in Ethereal's protocol dissectors. Ethereal could crash or stop responding if it reads a malformed packet off the network. (CVE-2006-1932, CVE-2006-1933, CVE-2006-1937, CVE-2006-1938, CVE-2006-1939, CVE-2006-1940)

Several buffer overflow bugs were found in Ethereal's COPS, telnet, and ALCAP dissectors as well as Network Instruments file code and NetXray/Windows Sniffer file code. Ethereal could crash or execute arbitrary code if it reads a malformed packet off the network. (CVE-2006-1934, CVE-2006-1935, CVE-2006-1936)

Users of ethereal should upgrade to these updated packages containing version 0.99.0, which is not vulnerable to these issues.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2006-May/012860.html http://lists.centos.org/pipermail/centos-announce/2006-May/012861.html http://lists.centos.org/pipermail/centos-announce/2006-May/012866.html http://lists.centos.org/pipermail/centos-announce/2006-May/012868.html http://lists.centos.org/pipermail/centos-announce/2006-May/012870.html http://lists.centos.org/pipermail/centos-announce/2006-May/012875.html http://lists.centos.org/pipermail/centos-announce/2006-May/012876.html http://lists.centos.org/pipermail/centos-announce/2006-May/012883.html http://lists.centos.org/pipermail/centos-announce/2006-May/012884.html

Affected packages: ethereal ethereal-gnome

Upstream details at: https://rhn.redhat.com/errata/RHSA-2006-0420.html