Yellow Dog Linux Security Advisory: YDU-20020606-3
Dan Burcaw
yellowdog-updates@lists.terrasoftsolutions.com
Thu, 6 Jun 2002 20:00:28 -0600 (MDT)
Yellow Dog Linux Security Announcement
--------------------------------------
Package: tcpdump
Issue Date: June 06, 2002
Priority: medium
Advisory ID: YDU-20020606-3
1. Topic:
Updated tcpdump packages are available.
2. Problem:
"tcpdump is a command-line tool for monitoring network traffic. Versions of
tcpdump up to and including 3.6.2 have a buffer overflow that can be
triggered when tracing the network by a bad NFS packet.
We are not yet aware if this issue is fully exploitable; however, users of
tcpdump are advised to upgrade to these errata packages which contain a
patch for this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0380 to this issue. This issue was found by
David Woodhouse of Red Hat."
(from Red Hat Advisory)
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install tcpdump libpcap arpwatch
b) Updating manually...
The update can also be retrieved manually from our ftp site
below along with the rpm command that should be used to install
the update. (Please use a mirror site)
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/ppc/
rpm -Fvh tcpdump-3.6.2-11.7.2.0.ppc.rpm
rpm -Fvh libpcap-0.6.2-11.7.2.0.ppc.rpm
rpm -Fvh arpwatch-2.1a11-11.7.2.0.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
4cbdf784c6df0c45f36510efa5000db7 ppc/arpwatch-2.1a11-11.7.2.0.ppc.rpm
4e61e984a55c908936464b2722252d17 ppc/libpcap-0.6.2-11.7.2.0.ppc.rpm
0f0542ca1d970a9f5e4f54a56bbf3422 ppc/tcpdump-3.6.2-11.7.2.0.ppc.rpm
c20479a607213622c6c6a9cea92e4a83 SRPMS/tcpdump-3.6.2-11.7.2.0.src.rpm
If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename
5. Misc.
Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_2.2/apt-get.shtml