Debian Security Advisory DSA 1049-1 (ethereal)

The remote host is missing an update to ethereal announced via advisory DSA 1049-1. Gerald Combs reported several vulnerabilities in ethereal, a popular network traffic analyser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-1932 The OID printing routine is susceptible to an off-by-one error. CVE-2006-1933 The UMA and BER dissectors could go into an infinite loop. CVE-2006-1934 The Network Instruments file code could overrun a buffer. CVE-2006-1935 The COPS dissector contains a potential buffer overflow. CVE-2006-1936 The telnet dissector contains a buffer overflow. CVE-2006-1937 Bugs in the SRVLOC and AIM dissector, and in the statistics counter could crash ethereal. CVE-2006-1938 Null pointer dereferences in the SMB PIPE dissector and when reading a malformed Sniffer capture could crash ethereal. CVE-2006-1939 Null pointer dereferences in the ASN.1, GSM SMS, RPC and ASN.1-based dissector and an invalid display filter could crash ethereal. CVE-2006-1940 The SNDCP dissector could cause an unintended abortion. For the old stable distribution (woody) these problems have been fixed in version 0.9.4-1woody15.

For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge5. For the unstable distribution (sid) these problems have be fixed soon. We recommend that you upgrade your ethereal packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201049-1