A NULL pointer dereference flaw was found in the way EtherApe, a graphical network monitor, decoded certain RPC packets. A remote attacker could provide a specially-crafted packet capture file, which once opened by a local unsuspecting user could lead to denial of service (etherape executable crash).
(upstream bug report)
(relevant upstream patch)
This issue has been addressed for Fedora-15 via the following update:
This issue affects the version of the etherape package, as shipped with Fedora release of 14. Please schedule an update.
Created etherape tracking bugs for this issue
Affects: fedora-14 [bug 739649]
The CVE identifier of CVE-2011-3369 has been assigned to this issue:
(In reply to comment #1)
> This issue has been addressed for Fedora-15 via the following update:
The above is probably incorrect. 0.9.7-12.fc15 was just a rebuild, not adding any patch. It also pre-dates the upstream bug report.
Upstream report says:
Thank you. Fixed in 0.9.12
which is probably the source of the confusion (.12 vs. .7-12).