|
Several of the packet dissectors in ethereal contain string handling bugs which could be exploited using a maliciously crafted packet to cause ethereal to consume excessive amounts of memory, crash, or execute arbitrary code.
These vulnerabilities were announced in the following Ethereal security advisory:
http://www.ethereal.com/appnotes/enpa-sa-00010.html
Ethereal 0.9.4 in Debian 3.0 (woody) is affected by most of the problems described in the advisory, including:
The following problems do not affect this version:
as these modules are not present.
For the stable distribution (woody) these problems have been fixed in version 0.9.4-1woody5.
For the old stable distribution (potato) these problems will be fixed in a future advisory.
For the unstable distribution (sid) these problems are fixed in version 0.9.13-1.
We recommend that you update your ethereal package.
MD5 checksums of the listed files are available in the original advisory.