Fedora Legacy Test Update Notification: tcpdump

Jesse Keating jkeating at j2solutions.net
Thu Jan 22 04:42:22 UTC 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-1222
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1222
2004-01-21
- ---------------------------------------------------------------------

Name        : tcpdump
Versions    : 7.2: 2.1a11-17.7.2.4, 7.3: 2.1a11-17.7.3.4, 2.1a11-17.7.3.5
Summary     : A network traffic monitoring tool.
Description :
Tcpdump is a command-line tool for monitoring network traffic.
Tcpdump can capture and display the packet headers on a particular
network interface or on all interfaces. Tcpdump can display all of the
packet headers, or just the ones that match particular criteria.

- ---------------------------------------------------------------------
Update Information:

CAN-2003-0989:
tcpdump before 3.8.1 allows remote attackers to cause a denial of service 
(infinite loop) via certain ISAKMP packets, a different vulnerability than 
CAN-2004-0057.

CAN-2004-0055:
The print_attr_string function in print-radius.c for tcpdump 3.8.1 and 
earlier allows remote attackers to cause a denial of service (segmentation 
fault) via a RADIUS attribute with a large length value.

CAN-2004-0057:
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for 
tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of 
service (segmentation fault) via malformed ISAKMP packets that cause 
invalid "len" or "loc" values to be used in a loop, a different 
vulnerability than CAN-2003-0989.

- ---------------------------------------------------------------------
Changelog:

7.2, 7.3:
* Fri Jan 16 2004 Christian Pearce <pearcec at commnav.com -17.x.x.4
 
- - CAN-2003-0989 fix
- - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
- - CAN-2004-0055, CAN-2004-0057 fix
- - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057
- - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055
- - http://marc.theaimsgroup.com/?l=tcpdump-workers&m=107325073018070&w=

8.0:
* Wed Jan 21 2004 Christian Pearce <pearcec at commnav.com> -17.8.05
 
- - Added BuildRequires autoconf213.
- - Changed autoheader to autoheader-2.12
- - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=90208
 
* Fri Jan 16 2004 Christian Pearce <pearcec at commnav.com> -17.x.x.4
 
- - CAN-2003-0989 fix
- - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
- - CAN-2004-0055, CAN-2004-0057 fix
- - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057
- - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055
- - http://marc.theaimsgroup.com/?l=tcpdump-work

- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
(sha1sums)

a10c0d99cd919f459a25fdb5562d6907667b33d3  
7.2/updates-testing/SRPMS/tcpdump-3.6.3-17.7.2.4.legacy.src.rpm
e3777ee05d6b57a81fa08a96b64aa45a0758e42f  
7.2/updates-testing/i386/tcpdump-3.6.3-17.7.2.4.legacy.i386.rpm
8e860cb231b7dd59345c2f82531d527ca78090b5  
7.2/updates-testing/i386/arpwatch-2.1a11-17.7.2.4.legacy.i386.rpm
795dd99495f288aacea6a8775e9aba8eb801e570  
7.2/updates-testing/i386/libpcap-0.6.2-17.7.2.4.legacy.i386.rpm

3b7cb6c9f62c259e2c24d056263281a44a5ce406  
7.3/updates-testing/SRPMS/tcpdump-3.6.3-17.7.3.4.legacy.src.rpm
cc1f3f75f7eb32a1ea2aa224cbae64190e5dcaf5  
7.3/updates-testing/i386/tcpdump-3.6.3-17.7.3.4.legacy.i386.rpm
7fbb66ee934dcb388489c94551c56ac74c3d0540  
7.3/updates-testing/i386/arpwatch-2.1a11-17.7.3.4.legacy.i386.rpm
5aeb410a107e4b82d0f62c6f8931d20998a8e1de  
7.3/updates-testing/i386/libpcap-0.6.2-17.7.3.4.legacy.i386.rpm

c9e455ef10ea70f69e269f6d71c3ded700424ca1  
8.0/updates-testing/SRPMS/tcpdump-3.6.3-17.8.0.5.legacy.src.rpm
cbb7cd725a50be1cbdbc8ee75a357229e847afac  
8.0/updates-testing/i386/tcpdump-3.6.3-17.8.0.5.legacy.i386.rpm
1f9aacbd480af1a754adc9d6190ddc06d2b491ab  
8.0/updates-testing/i386/arpwatch-2.1a11-17.8.0.5.legacy.i386.rpm
643931721424765748895f57f4ca53dba896378c  
8.0/updates-testing/i386/libpcap-0.6.2-17.8.0.5.legacy.i386.rpm

- ---------------------------------------------------------------------

Please test and comment in bugzilla.

- -- 
Jesse Keating RHCE MCSE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedora.us/wiki/FedoraLegacy)
Mondo DevTeam		(www.mondorescue.org)
GPG Public Key		(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAD1Su4v2HLvE71NURAlQaAJ4kJWEQOpq6fQhVG3CxpqM4ZigqnACgrmx4
p+0GGuqK/4wba9AW0FJWCZg=
=omjo
-----END PGP SIGNATURE-----

More information about the fedora-legacy-list mailing list