ethereal - several vulnerabilities

Several of the packet dissectors in ethereal contain string handling
bugs which could be exploited using a maliciously crafted packet to
cause ethereal to consume excessive amounts of memory, crash, or
execute arbitrary code.

These vulnerabilities were announced in the following Ethereal security
advisory:

Ethereal 0.9.4 in Debian 3.0 (woody) is affected by most of the
problems described in the advisory, including:

• The DCERPC dissector could try to allocate too much memory
  while trying to decode an NDR string.
• Bad IPv4 or IPv6 prefix lengths could cause an overflow in the
  OSI dissector.
• The tvb_get_nstringz0() routine incorrectly handled a
  zero-length buffer size.
• The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, and ISIS
  dissectors handled strings improperly.

The following problems do not affect this version:

• The SPNEGO dissector could segfault while parsing an invalid
  ASN.1 value.
• The RMI dissector handled strings improperly

as these modules are not present.

For the stable distribution (woody) these problems have been fixed in
version 0.9.4-1woody5.

For the old stable distribution (potato) these problems will be fixed in a
future advisory.

For the unstable distribution (sid) these problems are fixed in
version 0.9.13-1.

We recommend that you update your ethereal package.