| Revision Date: | 2006-01-11 | Version: | 636 |
| Title: | RHSA-2006:0156: ethereal security update (Moderate) |
| Description: | Ethereal is a program for monitoring network traffic.
Two denial of service bugs were found in Ethereal's IRC and GTP protocol dissectors. Ethereal could crash or stop responding if it reads a malformed IRC or GTP packet off the network. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2005-3313 and CVE-2005-4585 to these issues.
A buffer overflow bug was found in Ethereal's OSPF protocol dissector. Ethereal could crash or execute arbitrary code if it reads a malformed OSPF packet off the network. (CVE-2005-3651)
Users of ethereal should upgrade to these updated packages containing version 0.10.14, which is not vulnerable to these issues.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2005-3313
CVE-2005-3651
CVE-2005-4585
RHSA-2006:0156
RHSA-2006:0156-01
RHSA-2006:0156-01
|
| Platform(s): | Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
| Product(s): | |
| Definition Synopsis |
| Red Hat Enterprise Linux must be installed OR Package Information
Red Hat Enterprise Linux 3 is installed
AND
ethereal is earlier than 0:0.10.14-1.EL3.1
AND ethereal is signed with Red Hat master key
ethereal-gnome is earlier than 0:0.10.14-1.EL3.1
AND ethereal-gnome is signed with Red Hat master key
|