Potential security issues have been discovered in the following protocol dissectors:
- An improperly formatted GTP MSISDN string could cause a buffer overflow.
- A malformed ISAKMP or MEGACO packet could make Ethereal or Tethereal crash.
- The SOCKS dissector was susceptible to a heap overlfow.
It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file.
Upgrade to 0.9.16.
If you are running a version prior to 0.9.16 and you cannot upgrade, you can disable the GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors by selecting Edit->Protocols... and deselecting them from the list.
Beyond the security fixes, you've got to see the new toolbar! Wow, Ethereal is looking good.