From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2005:087 - Updated tcpdump packages fix multiple vulnerabilities
Message-Id: <E1DWFbU-0002w5-TS@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Thu, 12 May 2005 09:28:00 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: tcpdump
Advisory ID: MDKSA-2005:087
Date: May 11th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A number of Denial of Service vulnerabilities were discovered in the
way that tcpdump processes certain network packets. If abused, these
flaws can allow a remote attacker to inject a carefully crafted packet
onto the network, crashing tcpdump.
The provided packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
e73bd8a6947c3685f0a1dcd370103a2d 10.0/RPMS/tcpdump-3.8.1-1.2.100mdk.i586.rpm
1e36745b1695e0272989183d00489401 10.0/SRPMS/tcpdump-3.8.1-1.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
49a077ec66ad00b73e7448328ef86b44 amd64/10.0/RPMS/tcpdump-3.8.1-1.2.100mdk.amd64.rpm
1e36745b1695e0272989183d00489401 amd64/10.0/SRPMS/tcpdump-3.8.1-1.2.100mdk.src.rpm
Mandrakelinux 10.1:
67d319eed39f1bafb30a25e57f7add2a 10.1/RPMS/tcpdump-3.8.3-2.1.101mdk.i586.rpm
9367b2c7064311b7552a516c71da2335 10.1/SRPMS/tcpdump-3.8.3-2.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
797c8b13a984821bf42b3a1ff1f0606f x86_64/10.1/RPMS/tcpdump-3.8.3-2.1.101mdk.x86_64.rpm
9367b2c7064311b7552a516c71da2335 x86_64/10.1/SRPMS/tcpdump-3.8.3-2.1.101mdk.src.rpm
Mandrakelinux 10.2:
5e3b9eaf014d072536aee3d4153149fd 10.2/RPMS/tcpdump-3.8.3-2.1.102mdk.i586.rpm
a84d58a6c8e197106db7550b89cd7bc9 10.2/SRPMS/tcpdump-3.8.3-2.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
46175965cf9fe968060f04212469403d x86_64/10.2/RPMS/tcpdump-3.8.3-2.1.102mdk.x86_64.rpm
a84d58a6c8e197106db7550b89cd7bc9 x86_64/10.2/SRPMS/tcpdump-3.8.3-2.1.102mdk.src.rpm
Corporate Server 2.1:
aa300032c33e2bbe3f4a164a0202c410 corporate/2.1/RPMS/tcpdump-3.7.2-2.3.C21mdk.i586.rpm
d56843af254ecdebf9c047f6fb903149 corporate/2.1/SRPMS/tcpdump-3.7.2-2.3.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
d539efda2769654b6a7368b74565d613 x86_64/corporate/2.1/RPMS/tcpdump-3.7.2-2.3.C21mdk.x86_64.rpm
d56843af254ecdebf9c047f6fb903149 x86_64/corporate/2.1/SRPMS/tcpdump-3.7.2-2.3.C21mdk.src.rpm
Corporate 3.0:
df9e3b52c36c3a68aa3c5a12464dfa33 corporate/3.0/RPMS/tcpdump-3.8.1-1.2.C30mdk.i586.rpm
13100cead5f5b078e0b3249d1f522339 corporate/3.0/SRPMS/tcpdump-3.8.1-1.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
69a3d5fc2be9891eaeea2d1a0ebbfc09 x86_64/corporate/3.0/RPMS/tcpdump-3.8.1-1.2.C30mdk.x86_64.rpm
13100cead5f5b078e0b3249d1f522339 x86_64/corporate/3.0/SRPMS/tcpdump-3.8.1-1.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCg3YAmqjQ0CJFipgRAvS+AJ0cehmVbljRCl/cttYQcpWEPVSjRQCbBqUx
nAuXy6n6kwgEVx3rVxZbRE8=
=Rst9
-----END PGP SIGNATURE-----