DESCRIPTION Ethereal is a powerful network traffic analyzer with an intuitive interface.
This update addresses two vulnerabilities stated in ethereal's home page:
1.SNMP and LDAP string handling[1] The PROTOS[2] test suite developed by the Oulu University Secure Programming Group found some flaws in SNMP and LDAP protocols support in ethereal. It may be possible to crash or execute arbitrary code in the ethereal's context (ethereal is usually run by root) by injecting crafted packets in the network or convincing someone to open a trace file with such packets.
2.ASN.1 zero-length g_malloc[3] Due to improper string parsing in ASN.1 routines, it is possible to crash ethereal by inserting malformed packets in the wire or by opening a trace file with such packets inside. SNMP, LDAP, COPS and Kerberos parsers use the ASN routines to handle traffic.
There's also a third vulnerability reported in ethereal's home page related to zlib's double free bug, which have been addressed already by our zlib's advisory[4] some time ago.
SOLUTION All ethereal users should do the upgrade.
ADDITIONAL INSTRUCTIONS Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades of RPM packages: - add the following line to /etc/apt/sources.list if it is not there yet (you may also use linuxconf to do this):
Currently there are no Talkback posted on "Conectiva Linux Announcement: ethereal", 
