USN-492-1: tcpdump vulnerability
Posted on: 07/31/2007 04:20 AM

A new tcpdump vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-492-1 July 30, 2007
tcpdump vulnerability
CVE-2007-3798
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
tcpdump 3.9.4-2ubuntu0.2

Ubuntu 6.10:
tcpdump 3.9.4-4ubuntu0.2

Ubuntu 7.04:
tcpdump 3.9.5-2ubuntu1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in the BGP dissector of tcpdump. Remote
attackers could send specially crafted packets and execute arbitrary
code with user privileges.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ub=
untu0.2.diff.gz
Size/MD5: 11829 2c911638159adc11d2ff54f96182de54
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ub=
untu0.2.dsc
Size/MD5: 685 a8ab006366dbe0973e06d08bec9ed359
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4.ori=
g.tar.gz
Size/MD5: 716862 4b64755bbc8ba1af49c747271a6df5b8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ub=
untu0.2_amd64.deb
Size/MD5: 313048 eeb295aada8253ed88675759a5b9fefc

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ub=
untu0.2_i386.deb
Size/MD5: 289664 ae14411448b3cc4f6aeb99137ab08242

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ub=
untu0.2_powerpc.deb
Size/MD5: 301184 227cfb459beba4f873524ff0351994d7

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-2ub=
untu0.2_sparc.deb
Size/MD5: 305034 56c94f1b847c19301e59c0ca09b05373

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ub=
untu0.2.diff.gz
Size/MD5: 11966 781a774a620649e0c6a6e208fb98644c
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ub=
untu0.2.dsc
Size/MD5: 632 7f81be7f487baa766845a1701d95d797
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4.ori=
g.tar.gz
Size/MD5: 716862 4b64755bbc8ba1af49c747271a6df5b8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ub=
untu0.2_amd64.deb
Size/MD5: 315162 7b2246a74280ede3bb105aa580cd0866

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ub=
untu0.2_i386.deb
Size/MD5: 300680 4125eb94e7ec30f41d03740f0154f504

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ub=
untu0.2_powerpc.deb
Size/MD5: 303704 0f1c7c7cc722c6039f8078ea620a75ad

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.4-4ub=
untu0.2_sparc.deb
Size/MD5: 308620 7c11b491590794464980b7e4bb801925

Updated packages for Ubuntu 7.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.5-2ub=
untu1.diff.gz
Size/MD5: 11970 c875dadc73193df8f1bba9ebac4a9bcc
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.5-2ub=
untu1.dsc
Size/MD5: 712 037ba4c3cf2113ac1ee02f3008cc4917
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.5.ori=
g.tar.gz
Size/MD5: 712411 2135e7b1f09af0eaf66d2af822bed44a

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.5-2ub=
untu1_amd64.deb
Size/MD5: 317680 164f2980e2673cc641661a859c260d98

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.5-2ub=
untu1_i386.deb
Size/MD5: 303426 1f5aaddf44cd3057241f6e2364183ecd

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.5-2ub=
untu1_powerpc.deb
Size/MD5: 308756 06ca55a167c3b0caac6add7a8d0b2981

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.9.5-2ub=
untu1_sparc.deb
Size/MD5: 312192 dce58020c8b5a99316e3d1d1fba2923b


--bi5JUZtvcfApsciF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGrqpwH/9LqRcGPm0RAo5aAKCFuHY6ukeuyj604FfVYetVVGNZqgCgod/3
YS/Ma2UxuLaUsLqU/yrUD2w=
=4X6X
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_492_1_tcpdump_vulnerability.html)