<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:101 - Updated tcpdump packages fix vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           tcpdump
 Advisory ID:            MDKSA-2005:101
 Date:                   June 15th, 2005

 Affected versions:      10.1, 10.2
 ______________________________________________________________________

 Problem Description:

 A Denial of Service vulnerability was found in tcpdump during the
 processing of certain network packages.  Because of this flaw, it was
 possible for an attacker to inject a carefully crafted packet onto the
 network which would crash a running tcpdump session.
 
 The updated packages have been patched to correct this problem.  This
 problem does not affect at least tcpdump 3.8.1 and earlier.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1267
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 19f997352f3fef16e9809c33a9fd9e6f  10.1/RPMS/tcpdump-3.8.3-2.2.101mdk.i586.rpm
 91566ff6914608573f685a750a23e4a2  10.1/SRPMS/tcpdump-3.8.3-2.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 23da8b573535902af955c3bc52b8da45  
x86_64/10.1/RPMS/tcpdump-3.8.3-2.2.101mdk.x86_64.rpm
 91566ff6914608573f685a750a23e4a2  
x86_64/10.1/SRPMS/tcpdump-3.8.3-2.2.101mdk.src.rpm

 Mandrakelinux 10.2:
 317345c2da874d9c8b1333fcf7b0f81a  10.2/RPMS/tcpdump-3.8.3-2.2.102mdk.i586.rpm
 c7e1bb066e89aaa17188a9548262aee3  10.2/SRPMS/tcpdump-3.8.3-2.2.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 49053eec4a4b00732cef1da5405a2ea5  
x86_64/10.2/RPMS/tcpdump-3.8.3-2.2.102mdk.x86_64.rpm
 c7e1bb066e89aaa17188a9548262aee3  
x86_64/10.2/SRPMS/tcpdump-3.8.3-2.2.102mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCsMrXmqjQ0CJFipgRAmP0AJwLuFrMMK8h6wdN1iAfWxvv+i9QQwCgwWvd
yl0llHYE2Tgp0tU5Cgb05pI=
=GV7W
-----END PGP SIGNATURE-----