Re: [SECURITY] [DSA 920-1] New ethereal packages fix arbitrary code execution
Martin Schulze wrote:
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 920-1 security@debian.org
> http://www.debian.org/security/ Martin Schulze
> December 13th, 2005 http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package : ethereal
> Vulnerability : buffer overflow
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2005-3651
> BugTraq ID : 15794
> Debian Bug : 342911
>
> A buffer overflow has been discovered in ethereal, a commonly used
> network traffic analyser that causes a denial of service and may
> potentially allow the execution of arbitrary code.
>
> For the old stable distribution (woody) this problem has been fixed in
> version 0.9.4-1woody14.
>
> For the stable distribution (sarge) this problem has been fixed in
> version 0.10.10-2sarge3.
>
Looks like a typo, this last line should be:
version 0.10.10-2sarge4
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
Reply to: