Oval Definition:oval:com.redhat.rhsa:def:20060156
Revision Date:2006-01-11Version:636
Title:RHSA-2006:0156: ethereal security update (Moderate)
Description:Ethereal is a program for monitoring network traffic.

Two denial of service bugs were found in Ethereal's IRC and GTP protocol dissectors. Ethereal could crash or stop responding if it reads a malformed IRC or GTP packet off the network. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2005-3313 and CVE-2005-4585 to these issues.

  • A buffer overflow bug was found in Ethereal's OSPF protocol dissector. Ethereal could crash or execute arbitrary code if it reads a malformed OSPF packet off the network. (CVE-2005-3651)

    Users of ethereal should upgrade to these updated packages containing version 0.10.14, which is not vulnerable to these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2005-3313
    CVE-2005-3651
    CVE-2005-4585
    RHSA-2006:0156
    RHSA-2006:0156-01
    RHSA-2006:0156-01
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • ethereal is earlier than 0:0.10.14-1.EL3.1
  • AND ethereal is signed with Red Hat master key
  • ethereal-gnome is earlier than 0:0.10.14-1.EL3.1
  • AND ethereal-gnome is signed with Red Hat master key
    • BACK