Oval Definition: oval:com.redhat.rhsa:def:20060420
Revision Date: 2006-05-03
Version: 638
Title: RHSA-2006:0420: ethereal security update (Moderate)
Description: Ethereal is a program for monitoring network traffic.

  • Several denial of service bugs were found in Ethereal's protocol dissectors. Ethereal could crash or stop responding if it reads a malformed packet off the network. (CVE-2006-1932, CVE-2006-1933, CVE-2006-1937, CVE-2006-1938, CVE-2006-1939, CVE-2006-1940)

  • Several buffer overflow bugs were found in Ethereal's COPS, telnet, and ALCAP dissectors as well as Network Instruments file code and NetXray/Windows Sniffer file code. Ethereal could crash or execute arbitrary code if it reads a malformed packet off the network. (CVE-2006-1934, CVE-2006-1935, CVE-2006-1936)

    Users of ethereal should upgrade to these updated packages containing version 0.99.0, which is not vulnerable to these issues.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2006-1932
    CVE-2006-1933
    CVE-2006-1934
    CVE-2006-1935
    CVE-2006-1936
    CVE-2006-1937
    CVE-2006-1938
    CVE-2006-1939
    CVE-2006-1940
    RHSA-2006:0420
    RHSA-2006:0420-01
    Platform(s): Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • ethereal is earlier than 0:0.99.0-EL3.2
  • AND ethereal is signed with Red Hat master key
  • ethereal-gnome is earlier than 0:0.99.0-EL3.2
  • AND ethereal-gnome is signed with Red Hat master key