Updated Ethereal packages that fix various security vulnerabilities are now
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Ethereal is a program for monitoring network traffic.
Two denial of service bugs were found in Ethereal's IRC and GTP protocol
dissectors. Ethereal could crash or stop responding if it reads a malformed
IRC or GTP packet off the network. The Common Vulnerabilities and Exposures
project (cve.mitre.org) assigned the names CVE-2005-3313 and CVE-2005-4585
to these issues.
A buffer overflow bug was found in Ethereal's OSPF protocol dissector.
Ethereal could crash or execute arbitrary code if it reads a malformed OSPF
packet off the network. (CVE-2005-3651)
Users of ethereal should upgrade to these updated packages containing
version 0.10.14, which is not vulnerable to these issues.