lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1DWFbU-0002w5-TS@mercury.mandriva.com>
Date: Thu, 12 May 2005 09:28:00 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:087 - Updated tcpdump packages fix multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           tcpdump
 Advisory ID:            MDKSA-2005:087
 Date:                   May 11th, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A number of Denial of Service vulnerabilities were discovered in the
 way that tcpdump processes certain network packets.  If abused, these
 flaws can allow a remote attacker to inject a carefully crafted packet
 onto the network, crashing tcpdump.
 
 The provided packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 e73bd8a6947c3685f0a1dcd370103a2d  10.0/RPMS/tcpdump-3.8.1-1.2.100mdk.i586.rpm
 1e36745b1695e0272989183d00489401  10.0/SRPMS/tcpdump-3.8.1-1.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 49a077ec66ad00b73e7448328ef86b44  amd64/10.0/RPMS/tcpdump-3.8.1-1.2.100mdk.amd64.rpm
 1e36745b1695e0272989183d00489401  amd64/10.0/SRPMS/tcpdump-3.8.1-1.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 67d319eed39f1bafb30a25e57f7add2a  10.1/RPMS/tcpdump-3.8.3-2.1.101mdk.i586.rpm
 9367b2c7064311b7552a516c71da2335  10.1/SRPMS/tcpdump-3.8.3-2.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 797c8b13a984821bf42b3a1ff1f0606f  x86_64/10.1/RPMS/tcpdump-3.8.3-2.1.101mdk.x86_64.rpm
 9367b2c7064311b7552a516c71da2335  x86_64/10.1/SRPMS/tcpdump-3.8.3-2.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 5e3b9eaf014d072536aee3d4153149fd  10.2/RPMS/tcpdump-3.8.3-2.1.102mdk.i586.rpm
 a84d58a6c8e197106db7550b89cd7bc9  10.2/SRPMS/tcpdump-3.8.3-2.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 46175965cf9fe968060f04212469403d  x86_64/10.2/RPMS/tcpdump-3.8.3-2.1.102mdk.x86_64.rpm
 a84d58a6c8e197106db7550b89cd7bc9  x86_64/10.2/SRPMS/tcpdump-3.8.3-2.1.102mdk.src.rpm

 Corporate Server 2.1:
 aa300032c33e2bbe3f4a164a0202c410  corporate/2.1/RPMS/tcpdump-3.7.2-2.3.C21mdk.i586.rpm
 d56843af254ecdebf9c047f6fb903149  corporate/2.1/SRPMS/tcpdump-3.7.2-2.3.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 d539efda2769654b6a7368b74565d613  x86_64/corporate/2.1/RPMS/tcpdump-3.7.2-2.3.C21mdk.x86_64.rpm
 d56843af254ecdebf9c047f6fb903149  x86_64/corporate/2.1/SRPMS/tcpdump-3.7.2-2.3.C21mdk.src.rpm

 Corporate 3.0:
 df9e3b52c36c3a68aa3c5a12464dfa33  corporate/3.0/RPMS/tcpdump-3.8.1-1.2.C30mdk.i586.rpm
 13100cead5f5b078e0b3249d1f522339  corporate/3.0/SRPMS/tcpdump-3.8.1-1.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 69a3d5fc2be9891eaeea2d1a0ebbfc09  x86_64/corporate/3.0/RPMS/tcpdump-3.8.1-1.2.C30mdk.x86_64.rpm
 13100cead5f5b078e0b3249d1f522339  x86_64/corporate/3.0/SRPMS/tcpdump-3.8.1-1.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCg3YAmqjQ0CJFipgRAvS+AJ0cehmVbljRCl/cttYQcpWEPVSjRQCbBqUx
nAuXy6n6kwgEVx3rVxZbRE8=
=Rst9
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ