ethereal security update

CentOS Errata and Security Advisory CESA-2006:0420

Ethereal is a program for monitoring network traffic.

Several denial of service bugs were found in Ethereal’s protocol
dissectors. Ethereal could crash or stop responding if it reads a malformed
packet off the network. (CVE-2006-1932, CVE-2006-1933, CVE-2006-1937,
CVE-2006-1938, CVE-2006-1939, CVE-2006-1940)

Several buffer overflow bugs were found in Ethereal’s COPS, telnet, and
ALCAP dissectors as well as Network Instruments file code and
NetXray/Windows Sniffer file code. Ethereal could crash or execute
arbitrary code if it reads a malformed packet off the network.
(CVE-2006-1934, CVE-2006-1935, CVE-2006-1936)

Users of ethereal should upgrade to these updated packages containing
version 0.99.0, which is not vulnerable to these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-May/075022.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075023.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075028.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075030.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075032.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075037.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075038.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075045.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075046.html

Affected packages:
ethereal
ethereal-gnome

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0420