Mandriva 1273 Published by

Updated tcpdump packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: tcpdump
Advisory ID: MDKSA-2005:101
Date: June 15th, 2005

Affected versions: 10.1, 10.2
______________________________________________________________________

Problem Description:

A Denial of Service vulnerability was found in tcpdump during the processing of certain network packages. Because of this flaw, it was possible for an attacker to inject a carefully crafted packet onto the network which would crash a running tcpdump session.

The updated packages have been patched to correct this problem. This problem does not affect at least tcpdump 3.8.1 and earlier.



_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1267
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
19f997352f3fef16e9809c33a9fd9e6f 10.1/RPMS/tcpdump-3.8.3-2.2.101mdk.i586.rpm
91566ff6914608573f685a750a23e4a2 10.1/SRPMS/tcpdump-3.8.3-2.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
23da8b573535902af955c3bc52b8da45 x86_64/10.1/RPMS/tcpdump-3.8.3-2.2.101mdk.x86_64.rpm
91566ff6914608573f685a750a23e4a2 x86_64/10.1/SRPMS/tcpdump-3.8.3-2.2.101mdk.src.rpm

Mandrakelinux 10.2:
317345c2da874d9c8b1333fcf7b0f81a 10.2/RPMS/tcpdump-3.8.3-2.2.102mdk.i586.rpm
c7e1bb066e89aaa17188a9548262aee3 10.2/SRPMS/tcpdump-3.8.3-2.2.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
49053eec4a4b00732cef1da5405a2ea5 x86_64/10.2/RPMS/tcpdump-3.8.3-2.2.102mdk.x86_64.rpm
c7e1bb066e89aaa17188a9548262aee3 x86_64/10.2/SRPMS/tcpdump-3.8.3-2.2.102mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com