Debian Long Term Support / LTS Security Information / 2014 / Security Information -- DLA-126-1 ettercap

Debian Security Advisory

DLA-126-1 ettercap -- LTS security update

Date Reported:

29 Dec 2014

Affected Packages:

ettercap

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 773416.
In Mitre's CVE dictionary: CVE-2014-9380, CVE-2014-9381.

More information:

Patches a bunch of security vulnerabilities:

• CVE-2014-9380 (Buffer over-read)
• CVE-2014-9381 (Signedness error)

See: https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/ Patches taken from upstream

• 6b196e011fa456499ed4650a360961a2f1323818 pull/608
• 31b937298c8067e6b0c3217c95edceb983dfc4a2 pull/609

Thanks to Nick Sampanis who is responsible for both finding and repairing these issues.

For Debian 6 Squeeze, these issues have been fixed in ettercap version 1:0.7.3-2.1+squeeze2