ethereal-devel: A Network Traffic Analyser
----------------------------------------------------------------------
File:      ethereal-devel-0.10.14-16.16.ppc.rpm
Patchrpm:  ethereal-devel-0.10.14-16.16.ppc.patch.rpm
Version:   0.10.14-16.16
Size:      120 kB
Patchsize: 15 kB
Date:      Thu 12 Jul 2007 17:38:47 CEST
Source:    ethereal-0.10.14-16.16.src.rpm
Security:  Yes
----------------------------------------------------------------------
Description:

Various security problems were fixed in the wireshark 0.99.6 release, which were backported to ethereal (predecessor of wireshark):

CVE-2007-3389: Wireshark allowed remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.

CVE-2007-3390: Wireshark, when running on certain systems, allowed remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP.

CVE-2007-3391: Wireshark allowed remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.

CVE-2007-3392: Wireshark allowed remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop.

CVE-2007-3393: Off-by-one error in the DHCP/BOOTP dissector in Wireshark allowed remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.