openSUSE 10 Security Update : ethereal (ethereal-2246)
Medium Nessus Plugin ID 27207
SynopsisThe remote openSUSE host is missing a security update.
DescriptionVarious problems have been fixed in the network analyzer Ethereal, most leading to crashes of the ethereal program.
CVE-2006-5740: A unspecified vulnerability in the LDAP dissector could be used to crash Ethereal.
CVE-2006-4574: A single \0 byte heap overflow was fixed in the MIME multipart dissector. Potential of exploitability is unknown, but considered low.
CVE-2006-4805: A denial of service problem in the XOT dissector can cause it to take up huge amount of memory and crash ethereal.
CVE-2006-5469: The WBXML dissector could be used to crash ethereal.
CVE-2006-5468: A NULL pointer dereference in the HTTP dissector could crash ethereal.
SolutionUpdate the affected ethereal packages.