Description: Issues have been discovered in the following protocol dissectors: * The iSNS dissector could make Ethereal abort in some cases. (0.10.3 - 0.10.4) * SMB SID snooping could crash if there was no policy name for a handle. (0.9.15 - 0.10.4) * The SNMP dissector could crash due to a malformed or missing community string. (0.8.15 - 0.10.4) Impact: It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file. http://www.ethereal.com/appnotes/enpa-sa-00015.html
netmon: please bump ethereal to 0.10.5. Target keywords based on previous vulnerable ebuilds: "alpha amd64 ia64 ppc sparc x86"
0.10.5, in portage now, I've marked x86 stable.
Arches: please mark stable
stable on amd64
Stable on ppc.
Stable on sparc.
Supported arches are stable, this is ready for a GLSA.
GLSA drafted : security please review
glsa 200407-08
Stable on alpha as well.