Updated ethereal packages are now available which fix a format string bug and a heap-based buffer overflow.
Ethereal is a package designed for monitoring network traffic on your system.

Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via carefully crafted SOCKS packets. Red Hat would like to thank Georgi Guninski for reporting this issue.

Additionally, a heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Users of Ethereal should update to the erratum packages containing Ethereal version 0.9.11, which are not vulnerable to these issues.
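To confirm a host has reached the fixed release, the version must be compared field by field: a plain string comparison ranks 0.9.9 above 0.9.11. The script below is an added example, not part of the advisory. The function names and the `needs-update` / `fixed` / `unknown` labels are assumptions made for illustration, and it compares the upstream version only.

```shell
#!/bin/sh
# Added example: is an Ethereal version at or above the advisory's fixed release?
FIXED_VERSION="0.9.11"   # fixed version named in the advisory

# version_ge A B: 0 if A >= B, 1 if A < B, 2 if either is not dotted-numeric.
# Fields are compared as integers; a string comparison would rank
# 0.9.9 above 0.9.11 and report an unpatched host as fixed.
version_ge() {
    a=$1; b=$2
    case "$a$b" in ''|*[!0-9.]*) return 2 ;; esac
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
        # Drop the field just compared; a missing field counts as 0.
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# ethereal_status VERSION: prints fixed, needs-update or unknown.
# Anything below 0.9.11 is flagged, since that is the release the
# advisory tells users to update to.
ethereal_status() {
    [ -n "$1" ] || { echo unknown; return 0; }
    rc=0
    version_ge "$1" "$FIXED_VERSION" || rc=$?
    case $rc in
        0) echo fixed ;;
        1) echo needs-update ;;
        *) echo unknown ;;
    esac
}

# Query the installed package where rpm exists (assumes the package is
# named "ethereal", as in the advisory).
if command -v rpm >/dev/null 2>&1; then
    if v=$(rpm -q --queryformat '%{VERSION}\n' ethereal 2>/dev/null); then
        echo "ethereal $v: $(ethereal_status "$v")"
    else
        echo "ethereal: not installed"
    fi
fi
```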