From security@mandriva.com Thu Jun 16 11:38:14 2005
From: Mandriva Security Team
To: bugtraq@securityfocus.com
Date: Wed, 15 Jun 2005 18:42:00 -0600
Subject: MDKSA-2005:101 - Updated tcpdump packages fix vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           tcpdump
 Advisory ID:            MDKSA-2005:101
 Date:                   June 15th, 2005

 Affected versions:      10.1, 10.2
 ______________________________________________________________________

 Problem Description:

 A Denial of Service vulnerability was found in tcpdump during the
 processing of certain network packets. Because of this flaw, it was
 possible for an attacker to inject a carefully crafted packet onto the
 network which would crash a running tcpdump session.

 The updated packages have been patched to correct this problem. At
 least tcpdump 3.8.1 and earlier are not affected by this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1267
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.1:
 19f997352f3fef16e9809c33a9fd9e6f  10.1/RPMS/tcpdump-3.8.3-2.2.101mdk.i586.rpm
 91566ff6914608573f685a750a23e4a2  10.1/SRPMS/tcpdump-3.8.3-2.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 23da8b573535902af955c3bc52b8da45  x86_64/10.1/RPMS/tcpdump-3.8.3-2.2.101mdk.x86_64.rpm
 91566ff6914608573f685a750a23e4a2  x86_64/10.1/SRPMS/tcpdump-3.8.3-2.2.101mdk.src.rpm

 Mandrakelinux 10.2:
 317345c2da874d9c8b1333fcf7b0f81a  10.2/RPMS/tcpdump-3.8.3-2.2.102mdk.i586.rpm
 c7e1bb066e89aaa17188a9548262aee3  10.2/SRPMS/tcpdump-3.8.3-2.2.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 49053eec4a4b00732cef1da5405a2ea5  x86_64/10.2/RPMS/tcpdump-3.8.3-2.2.102mdk.x86_64.rpm
 c7e1bb066e89aaa17188a9548262aee3  x86_64/10.2/SRPMS/tcpdump-3.8.3-2.2.102mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCsMrXmqjQ0CJFipgRAmP0AJwLuFrMMK8h6wdN1iAfWxvv+i9QQwCgwWvd
yl0llHYE2Tgp0tU5Cgb05pI=
=GV7W
-----END PGP SIGNATURE-----
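
For packages fetched by hand rather than through MandrakeUpdate or urpmi, the MD5 column of the Updated Packages list can be checked with a short script. This is an added example, not part of the Mandriva advisory; the function names and the sample files built in `demo()` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# A package line in the advisory: 32 hex digits, then a relative path to an .rpm
PKG_LINE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_packages(advisory_text):
    """Return {rpm file name: md5 hex} from the Updated Packages list."""
    expected = {}
    for line in advisory_text.splitlines():
        m = PKG_LINE.match(line)
        if m:
            digest, path = m.groups()
            name = path.rsplit("/", 1)[-1]
            # The same SRPM is listed once per architecture; digests must agree.
            if expected.setdefault(name, digest) != digest:
                raise ValueError(f"conflicting digests for {name}")
    return expected

def md5_of(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def check_downloads(advisory_text, directory):
    """Compare each *.rpm in directory with the advisory; return {name: status}."""
    expected = parse_packages(advisory_text)
    results = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        want = expected.get(rpm.name)
        if want is None:
            results[rpm.name] = "not in advisory"
        else:
            results[rpm.name] = "ok" if md5_of(rpm) == want else "MISMATCH"
    return results

def demo():
    """Constructed sample: two stand-in files and an advisory-style fragment."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d, "example-1.0-1mdk.i586.rpm")
        good.write_bytes(b"constructed sample payload")
        Path(d, "other-1.0-1mdk.i586.rpm").write_bytes(b"altered in transit")
        text = (f" {md5_of(good)} 10.1/RPMS/{good.name}\n"
                f" {'0' * 32} 10.1/RPMS/other-1.0-1mdk.i586.rpm\n")
        return check_downloads(text, d)

if __name__ == "__main__":
    print(demo())
```

A matching MD5 only shows that the file is the one the advisory lists; authenticity still rests on the GPG signature, which `rpm --checksig` verifies once the Mandriva key is imported.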