Am Tue, 6 Apr 2004 15:35:19 -0700 schrieb Matt Zimmerman <[EMAIL PROTECTED]>:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - -------------------------------------------------------------------------- > Debian Security Advisory DSA 478-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Matt Zimmerman > April 6th, 2004 http://www.debian.org/security/faq > - -------------------------------------------------------------------------- > > Package : tcpdump > Vulnerability : denial of service > Problem-Type : remote > Debian-specific: no > CVE Ids : CAN-2004-0183 CAN-2004-0184 > > tcpdump, a tool for network monitoring and data acquisition, was found > to contain two vulnerabilities whereby tcpdump could be caused to > crash through attempts to read from invalid memory locations. This > bug is triggered by certain invalid ISAKMP packets. > > For the current stable distribution (woody) these problems have been > fixed in version 3.6.2-2.8. > > For the unstable distribution (sid), these problems have been fixed in > version 3.7.2-4. > > We recommend that you update your tcpdump package. > > Upgrade Instructions > - -------------------- > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > If you are using the apt-get package manager, use the line for > sources.list as given below: > > apt-get update > will update the internal database > apt-get upgrade > will install corrected packages > > You may use an automated update by adding the resources from the > footer to the proper configuration. > > Debian GNU/Linux 3.0 alias woody > - -------------------------------- > > Source archives: > > http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8.dsc > Size/MD5 checksum: 587 3ea0f5275b154c914cdc9dea888e8a06 > http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8.diff.gz > Size/MD5 checksum: 14097 7627c0d531403f0b0bdc7eaec51fb467 > http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz > Size/MD5 checksum: 380635 6bc8da35f9eed4e675bfdf04ce312248 > > Alpha architecture: > > > http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_alpha.deb > Size/MD5 checksum: 214766 bf78750a3d7c0c963459eea70c45da6a > > ARM architecture: > > http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_arm.deb > Size/MD5 checksum: 180688 c876fa96a530b66260e4310131ffd8df > > Intel IA-32 architecture: > > http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_i386.deb > Size/MD5 checksum: 170210 96f4b92404a0c7b70b1cb37d03d16b70 > > Intel IA-64 architecture: > > http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_ia64.deb > Size/MD5 checksum: 248364 b127ef521476369c4be62bb8b7de2ff2 > > HP Precision architecture: > > http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_hppa.deb > Size/MD5 checksum: 196824 be99a94ba73d77f13626397cc1b20b4c > > Motorola 680x0 architecture: > > http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_m68k.deb > Size/MD5 checksum: 158452 6c6679b4baf1c6b5b347d803d91acf83 > > Big endian MIPS architecture: > > http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_mips.deb > Size/MD5 checksum: 189936 90ccf025c9fab09251d6d60601e5c710 > > Little endian MIPS architecture: > > > http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_mipsel.deb > Size/MD5 checksum: 194318 cf0dd499755794f3086e5d40d3190bec > > PowerPC architecture: > > > http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_powerpc.deb > Size/MD5 checksum: 177884 8a11b2a3fada3302b32d383ba2a5de44 > > IBM S/390 architecture: > > http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_s390.deb > Size/MD5 checksum: 175274 4541e31919482795ae84406f7122e06a > > Sun Sparc architecture: > > > http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_sparc.deb > Size/MD5 checksum: 180776 d6b4803e379f9354eb4a3f4546bdc22b > > These files will probably be moved into the stable distribution on > its next revision. > > - --------------------------------------------------------------------------------- > For apt-get: deb http://security.debian.org/ stable/updates main > For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main > Mailing list: [EMAIL PROTECTED] > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (GNU/Linux) > > iD8DBQFAczChArxCt0PiXR4RArG+AJ0b5hpLhc069+j+rydCbs3dCtRLrQCggX6C > FoDISieg/l563iLJQffPrCs= > =m3dO > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- How many seconds are there in a year? If I tell you there are 3.155 x 10^7, you won't even try to remember it. On the other hand, who could forget that, to within half a percent, pi seconds is a nanocentury. -- Tom Duff, Bell Labs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
