
[ASA-201709-16] ettercap: multiple issues
Arch Linux Security Advisory ASA-201709-16
==========================================

Severity: High
Date    : 2017-09-18
CVE-ID  : CVE-2017-6430 CVE-2017-8366
Package : ettercap
Type    : multiple issues
Remote  : No
Link    :

Summary
=======

The package ettercap before version 0.8.2-5 is vulnerable to multiple
issues including arbitrary code execution and denial of service.

Resolution
==========

Upgrade to 0.8.2-5.

# pacman -Syu "ettercap>=0.8.2-5"

The problems have been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

- CVE-2017-6430 (denial of service)

The compile_tree function in ef_compiler.c in the Etterfilter utility
in Ettercap 0.8.2 and earlier allows attackers to cause a denial of
service (out-of-bounds read) via a crafted filter.

- CVE-2017-8366 (arbitrary code execution)

The strescape function in ec_strings.c in Ettercap 0.8.2 allows
attackers to cause a denial of service (heap-based buffer overflow and
application crash) or possibly execute arbitrary code via a crafted
filter that is mishandled by etterfilter.

Impact
======

An attacker is able to crash the application or execute arbitrary code
by tricking the user into opening a specially crafted filter.

References
==========