Ethereal 0.10.14 has been released and it fixes three security vulnerabilities:
- The IRC dissector could go into an infinite loop. Versions affected: 0.10.13.
- The GTP dissector could go into an infinite loop. Versions affected: 0.9.1 to 0.10.13.
- iDefense found a buffer overflow in the OSPF dissector. Versions affected: 0.8.20 to 0.10.13.
The buffer overflow was already fixed on bug #115030. The two infinite loop issues remain. netmon please advise and bump as necessary.
ethereal-0.10.14 added. Verified that OSPF code is fixed. IRC code is the same as 0.10.13-r2, so this is only a GTP dissector DoS. I tend to vote no to a GLSA based on this.
x86 stable
stable on ppc64
amd64 stable
sparc stable.
ppc stable
Stable on alpha. Cheers, Ferdy
I tend to vote no.
I tend to vote NO too.
I'd say no, too.
I vote no.
OK, enough no-votes to close without GLSA. ia64 shouldn't forget to stable.