Re: [SECURITY] [DSA 920-1] New ethereal packages fix arbitrary code execution

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 920-1] New ethereal packages fix arbitrary code execution
From: Geoff Crompton <geoff.crompton@strategicdata.com.au>
Date: Wed, 14 Dec 2005 09:37:45 +1100
Message-id: <[🔎] 439F4D39.8050008@strategicdata.com.au>
In-reply-to: <m1Em91b-000ohNC@finlandia.Infodrom.North.DE>
References: <m1Em91b-000ohNC@finlandia.Infodrom.North.DE>

Martin Schulze wrote:
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 920-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> December 13th, 2005                     http://www.debian.org/security/faq
> --------------------------------------------------------------------------
> 
> Package        : ethereal
> Vulnerability  : buffer overflow
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2005-3651
> BugTraq ID     : 15794
> Debian Bug     : 342911
> 
> A buffer overflow has been discovered in ethereal, a commonly used
> network traffic analyser that causes a denial of service and may
> potentially allow the execution of arbitrary code.
> 
> For the old stable distribution (woody) this problem has been fixed in
> version 0.9.4-1woody14.
> 
> For the stable distribution (sarge) this problem has been fixed in
> version 0.10.10-2sarge3.
> 

Looks like a typo, this last line should be:
 version 0.10.10-2sarge4

-- 
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000

Reply to:

Prev by Date: editor crashes regularly, loosing all data since last save
Next by Date: Mailman DoS CVE-2005-3573, debbug #339095
Previous by thread: editor crashes regularly, loosing all data since last save
Next by thread: Mailman DoS CVE-2005-3573, debbug #339095
Index(es):
- Date
- Thread