From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2005:101 - Updated tcpdump packages fix vulnerability
Message-Id: <E1DiiSG-0005XA-5K@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Wed, 15 Jun 2005 18:42:00 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: tcpdump
Advisory ID: MDKSA-2005:101
Date: June 15th, 2005
Affected versions: 10.1, 10.2
______________________________________________________________________
Problem Description:
A Denial of Service vulnerability was found in tcpdump during the
processing of certain network packages. Because of this flaw, it was
possible for an attacker to inject a carefully crafted packet onto the
network which would crash a running tcpdump session.
The updated packages have been patched to correct this problem. This
problem does not affect at least tcpdump 3.8.1 and earlier.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1267
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
19f997352f3fef16e9809c33a9fd9e6f 10.1/RPMS/tcpdump-3.8.3-2.2.101mdk.i586.rpm
91566ff6914608573f685a750a23e4a2 10.1/SRPMS/tcpdump-3.8.3-2.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
23da8b573535902af955c3bc52b8da45 x86_64/10.1/RPMS/tcpdump-3.8.3-2.2.101mdk.x86_64.rpm
91566ff6914608573f685a750a23e4a2 x86_64/10.1/SRPMS/tcpdump-3.8.3-2.2.101mdk.src.rpm
Mandrakelinux 10.2:
317345c2da874d9c8b1333fcf7b0f81a 10.2/RPMS/tcpdump-3.8.3-2.2.102mdk.i586.rpm
c7e1bb066e89aaa17188a9548262aee3 10.2/SRPMS/tcpdump-3.8.3-2.2.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
49053eec4a4b00732cef1da5405a2ea5 x86_64/10.2/RPMS/tcpdump-3.8.3-2.2.102mdk.x86_64.rpm
c7e1bb066e89aaa17188a9548262aee3 x86_64/10.2/SRPMS/tcpdump-3.8.3-2.2.102mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCsMrXmqjQ0CJFipgRAmP0AJwLuFrMMK8h6wdN1iAfWxvv+i9QQwCgwWvd
yl0llHYE2Tgp0tU5Cgb05pI=
=GV7W
-----END PGP SIGNATURE-----