lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050621134757.GA10173@piware.de>
Date: Tue Jun 21 14:48:08 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-141-1] tcpdump vulnerability

===========================================================
Ubuntu Security Notice USN-141-1	      June 21, 2005
tcpdump vulnerability
CAN-2005-1267
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

tcpdump

The problem can be corrected by upgrading the affected package to
version 3.8.3-3ubuntu0.3 (for Ubuntu 4.10), or 3.8.3-3ubuntu0.4 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

It was discovered that certain invalid BGP packets triggered an
infinite loop in tcpdump, which caused tcpdump to stop working. This
could be abused by a remote attacker to bypass tcpdump analysis of
network traffic.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.3.diff.gz
      Size/MD5:    10896 4702377c3189048522d6c001c9bc6f20
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.3.dsc
      Size/MD5:      672 59625b40bdce1e52cdef6f04845f9af2
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3.orig.tar.gz
      Size/MD5:   567116 30645001f4b97019677cad88d3811904

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.3_amd64.deb
      Size/MD5:   255700 0cd4c99be36a5cb2cb90397ae61678fe

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.3_i386.deb
      Size/MD5:   234606 d4d65d97e0bc543f163fd3d69dc5f9bb

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.3_powerpc.deb
      Size/MD5:   245540 7f674bb7675833678023d791a3b5cecb

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.4.diff.gz
      Size/MD5:    10932 426d64f415eb78d225f952126d37d149
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.4.dsc
      Size/MD5:      672 106d0e1f304bfac046cb5ee92178d03c
    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3.orig.tar.gz
      Size/MD5:   567116 30645001f4b97019677cad88d3811904

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.4_amd64.deb
      Size/MD5:   255684 1b772031ea02ddc34540d57c2e887fad

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.4_i386.deb
      Size/MD5:   234620 1e9c285b47b0639cfa32085665b430aa

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3ubuntu0.4_powerpc.deb
      Size/MD5:   245566 537c353da73354ba16cef78f2d77e5e9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050621/79444dfb/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ