English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 150599 CVE descriptions
and 73533 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0084

Package name:      tcpdump
Summary:           Incorrect bounds checking
Date:              2002-12-19
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------
Package description:
  Tcpdump is a command-line tool for monitoring network traffic.
  Tcpdump can capture and display the packet headers on a particular
  network interface or on all interfaces.  Tcpdump can display all of
  the packet headers, or just the ones that match particular criteria.


Problem description:
  Tcpdump tries to decode packages it sees on the network to provide
  some information to the user.  In the decoding of BGP packages, it
  failed to do proper bounds checking.  The impact is not known, but
  it could at least be used to crash tcpdump.  This is fixed in the
  3.7.1 release of tcpdump.

  In addition, we have upgraded libpcap and arpwatch to resolve
  dependencies.


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0084-tcpdump.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------
824e7cf0772ba11aba56d98c08f951d6  ./1.1/RPMS/arpwatch-2.1a11-2tr.i586.rpm
c95236148c009f7365f3497a14add5b4  ./1.1/RPMS/libpcap-0.7.1-2tr.i586.rpm
d0eb21ecad3542f89ae88b8707359236  ./1.1/RPMS/tcpdump-3.7.1-2tr.i586.rpm
47c5a0e065911176c9b6f1569b4dee62  ./1.1/SRPMS/arpwatch-2.1a11-2tr.src.rpm
a07a2aac096c3097536b9688241016ea  ./1.1/SRPMS/libpcap-0.7.1-2tr.src.rpm
659a448d9c335ac09eda2b18ead701e4  ./1.1/SRPMS/tcpdump-3.7.1-2tr.src.rpm
b57f1b852378665c4d2a2e17bf81d329  ./1.2/RPMS/arpwatch-2.1a11-2tr.i586.rpm
c4d8b5d252ec86a1ba26919fd84e359e  ./1.2/RPMS/libpcap-0.7.1-2tr.i586.rpm
df7ede2ec5728304ec81edf17305a88a  ./1.2/RPMS/tcpdump-3.7.1-2tr.i586.rpm
47c5a0e065911176c9b6f1569b4dee62  ./1.2/SRPMS/arpwatch-2.1a11-2tr.src.rpm
a07a2aac096c3097536b9688241016ea  ./1.2/SRPMS/libpcap-0.7.1-2tr.src.rpm
659a448d9c335ac09eda2b18ead701e4  ./1.2/SRPMS/tcpdump-3.7.1-2tr.src.rpm
e6fba4806f2dabdfe344c735a3756206  ./1.5/RPMS/arpwatch-2.1a11-2tr.i586.rpm
e4205a7ef19af19e2748faa371dc5bc9  ./1.5/RPMS/libpcap-0.7.1-2tr.i586.rpm
921390de9b10db4b2651a3cdebd00580  ./1.5/RPMS/tcpdump-3.7.1-2tr.i586.rpm
47c5a0e065911176c9b6f1569b4dee62  ./1.5/SRPMS/arpwatch-2.1a11-2tr.src.rpm
a07a2aac096c3097536b9688241016ea  ./1.5/SRPMS/libpcap-0.7.1-2tr.src.rpm
659a448d9c335ac09eda2b18ead701e4  ./1.5/SRPMS/tcpdump-3.7.1-2tr.src.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+AhWjwRTcg4BxxS0RAiqsAJ9yJY0dSwAJTGqub4HGVlwAR2GySACggJwk
GY0JUTjt+4a3xUY+HY0uUqc=
=pM84
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.