USN-429-1: tcpdump vulnerability
Posted on: 03/06/2007 11:15 PM

A new tcpdump vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-429-1 March 06, 2007
tcpdump vulnerability
CVE-2007-1218
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
tcpdump 3.9.1-1ubuntu1.1

Ubuntu 6.06 LTS:
tcpdump 3.9.4-2ubuntu0.1

Ubuntu 6.10:
tcpdump 3.9.4-4ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Moritz Jodeit discovered that tcpdump had an overflow in the 802.11
packet parser. Remote attackers could send specially crafted packets,
crashing tcpdump, possibly leading to a denial of service.


Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ub=
untu1.1.diff.gz
Size/MD5: 12037 9086124de1072e521624979a49a41749
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ub=
untu1.1.dsc
Size/MD5: 672 aa2dbeff2bbc288a8d98bff3d0743d10
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1.ori=
g.tar.gz
Size/MD5: 662060 5f589a34be42d335176d1b8cfcbd1f6b

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ub=
untu1.1_amd64.deb
Size/MD5: 307150 324c0c4ae58717e2e0af4c3e251c72c9

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ub=
untu1.1_i386.deb
Size/MD5: 284880 05fcf0bd9f44a884cce9576f64593614

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ub=
untu1.1_powerpc.deb
Size/MD5: 294816 561ba6b77837204cd6cc9e088b77fccd

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.1-1ub=
untu1.1_sparc.deb
Size/MD5: 299920 d759b94205402352adb055af34a70ebd

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ub=
untu0.1.diff.gz
Size/MD5: 10786 a46a8c2116b0e280127b0f4ca7f85c2b
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ub=
untu0.1.dsc
Size/MD5: 685 21536cc080bd4dc72fdb0635349e29cc
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4.ori=
g.tar.gz
Size/MD5: 716862 4b64755bbc8ba1af49c747271a6df5b8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ub=
untu0.1_amd64.deb
Size/MD5: 312992 92e764c3084d0e9ed236afa956755fef

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ub=
untu0.1_i386.deb
Size/MD5: 289554 83a973219fcc4cb4edb27cb1c820666b

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ub=
untu0.1_powerpc.deb
Size/MD5: 301108 e810b1f74b8e8722cc81aa7bcf0ca64c

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ub=
untu0.1_sparc.deb
Size/MD5: 304888 59349548d64f1b8bb8b79018754bdf0d

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ub=
untu0.1.diff.gz
Size/MD5: 10919 0fbd287a08757cfa3a9c52f12d8147e3
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ub=
untu0.1.dsc
Size/MD5: 632 283ba6bae274162eb64aa8039ebd4062
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4.ori=
g.tar.gz
Size/MD5: 716862 4b64755bbc8ba1af49c747271a6df5b8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ub=
untu0.1_amd64.deb
Size/MD5: 314924 5aa45e116446876b771524b6631ab3a8

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ub=
untu0.1_i386.deb
Size/MD5: 300618 de0caa6ea55db70547fa1cec2fd0056e

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ub=
untu0.1_powerpc.deb
Size/MD5: 303532 1c5dd389b720a339df581dd277d63d84

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ub=
untu0.1_sparc.deb
Size/MD5: 308412 9c27ed7d8f42e0790902a985e687e5e1


--MW5yreqqjyrRcusr
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF7eTFH/9LqRcGPm0RAkE4AKCQXX7GBO17CQF1XAdiEZNmasGpmQCeO6Ir
JfVxqQSs2zYPzrjBMz18lio=
=bPc0
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_429_1_tcpdump_vulnerability.html)