SuSE 10 Security Update : ethereal (ZYPP Patch Number 2248)
Medium Nessus Plugin ID 29420
The remote SuSE 10 host is missing a security-related patch.
Various problems have been fixed in the network analyzer Ethereal, most leading to crashes of the ethereal program. - A unspecified vulnerability in the LDAP dissector could be used to crash Ethereal. (CVE-2006-5740) - A single \0 byte heap overflow was fixed in the MIME multipart dissector. Potential of exploitability is unknown, but considered low. (CVE-2006-4574) - A denial of service problem in the XOT dissector can cause it to take up huge amount of memory and crash ethereal. (CVE-2006-4805) - The WBXML dissector could be used to crash ethereal. (CVE-2006-5469) - A NULL pointer dereference in the HTTP dissector could crash ethereal. (CVE-2006-5468)