Red Hat 8845 Published by

Fedora Legacy Update Advisory

Synopsis: Updated tcpdump packages fix security issues
Advisory ID: FLSA:156139
Issue date: 2006-04-04
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix, Security
CVE Names: CVE-2005-1267, CVE-2005-1278, CVE-2005-1279,
CVE-2005-1280
---------------------------------------------------------------------



---------------------------------------------------------------------
1. Topic:

Updated tcpdump packages that fix several security issues are now
available.

Tcpdump is a command-line tool for monitoring network traffic.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

Several denial of service bugs were found in the way tcpdump processes
certain network packets. It is possible for an attacker to inject a
carefully crafted packet onto the network, crashing a running tcpdump
session. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CVE-2005-1267, CVE-2005-1278,
CVE-2005-1279, and CVE-2005-1280 to these issues.

Users of tcpdump are advised to upgrade to these erratum packages, which
contain backported security patches and are not vulnerable to these
issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=156139

6. RPMs required:

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/tcpdump-3.7.2-7.9
.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/tcpdump-3.7.2-7.9.
4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/libpcap-0.7.2-7.9.
4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/arpwatch-2.1a11-7.
9.4.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/tcpdump-3.7.2-8.f
c1.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/tcpdump-3.7.2-8.fc
1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/libpcap-0.7.2-8.fc
1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/arpwatch-2.1a11-8.
fc1.3.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/tcpdump-3.8.2-6.F
C2.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/tcpdump-3.8.2-6.FC
2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/libpcap-0.8.3-6.FC
2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/arpwatch-2.1a13-6.
FC2.3.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name
---------------------------------------------------------------------

0beccb4a6dd929174bc2d70d680a2e3c4a094391
redhat/9/updates/i386/tcpdump-3.7.2-7.9.4.legacy.i386.rpm
71e1ffc2c4dbf2a5c754630e198f17af94000e66
redhat/9/updates/i386/libpcap-0.7.2-7.9.4.legacy.i386.rpm
843a832974f531413a8e406491f6c91d09bda24d
redhat/9/updates/i386/arpwatch-2.1a11-7.9.4.legacy.i386.rpm
192fa5bbebe8039f3c23b8aa26804d1c4b788412
redhat/9/updates/SRPMS/tcpdump-3.7.2-7.9.4.legacy.src.rpm

1a426b6225718dbd325fbe0c6d54f8904b710103
fedora/1/updates/i386/tcpdump-3.7.2-8.fc1.3.legacy.i386.rpm
45cffdb7d98c2eb03da004d89b776a7050ff5c40
fedora/1/updates/i386/libpcap-0.7.2-8.fc1.3.legacy.i386.rpm
75e263aa296969c873d0475cc1c0785c30ea24d6
fedora/1/updates/i386/arpwatch-2.1a11-8.fc1.3.legacy.i386.rpm
6e86c20a8af1fc607809c713d7ac00ab5e2f717c
fedora/1/updates/SRPMS/tcpdump-3.7.2-8.fc1.3.legacy.src.rpm

32d0dcf31fbe12225954cc32dad45dbcb6c5f5e4
fedora/2/updates/i386/tcpdump-3.8.2-6.FC2.3.legacy.i386.rpm
c84625e92600faa8566129c8229daa6c328dcee9
fedora/2/updates/i386/libpcap-0.8.3-6.FC2.3.legacy.i386.rpm
dbdcbed104a6d3985a0735aab55031a3be0e1a74
fedora/2/updates/i386/arpwatch-2.1a13-6.FC2.3.legacy.i386.rpm
bb98c4cd71507e4dec94da2c1c9f95ee9bbacde1
fedora/2/updates/SRPMS/tcpdump-3.8.2-6.FC2.3.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1280

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org