Yellow Dog Linux Security Advisory: YDU-20020606-3

Dan Burcaw yellowdog-updates@lists.terrasoftsolutions.com
Thu, 6 Jun 2002 20:00:28 -0600 (MDT) 

Yellow Dog Linux Security Announcement
--------------------------------------

Package:	tcpdump	
Issue Date: 	June 06, 2002	
Priority:	medium		
Advisory ID: 	YDU-20020606-3


1. 	Topic:

	Updated tcpdump packages are available.


2. 	Problem:

	"tcpdump is a command-line tool for monitoring network traffic.  Versions of
	tcpdump up to and including 3.6.2 have a buffer overflow that can be
	triggered when tracing the network by a bad NFS packet.

	We are not yet aware if this issue is fully exploitable; however, users of
	tcpdump are advised to upgrade to these errata packages which contain a
	patch for this issue.

	The Common Vulnerabilities and Exposures project (cve.mitre.org) has
	assigned the name CAN-2002-0380 to this issue.  This issue was found by
	David Woodhouse of Red Hat."
	(from Red Hat Advisory)


3. 	Solution:

   	a) Updating via apt...
   	We suggest that you use the apt-get program to keep your
   	system up-to-date. The following command(s) will retrieve
   	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install tcpdump libpcap arpwatch

   	b) Updating manually...
   	The update can also be retrieved manually from our ftp site
   	below along with the rpm command that should be used to install
   	the update.  (Please use a mirror site)

   		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/ppc/
		rpm -Fvh tcpdump-3.6.2-11.7.2.0.ppc.rpm
		rpm -Fvh libpcap-0.6.2-11.7.2.0.ppc.rpm
		rpm -Fvh arpwatch-2.1a11-11.7.2.0.ppc.rpm


4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
4cbdf784c6df0c45f36510efa5000db7  ppc/arpwatch-2.1a11-11.7.2.0.ppc.rpm
4e61e984a55c908936464b2722252d17  ppc/libpcap-0.6.2-11.7.2.0.ppc.rpm
0f0542ca1d970a9f5e4f54a56bbf3422  ppc/tcpdump-3.6.2-11.7.2.0.ppc.rpm
c20479a607213622c6c6a9cea92e4a83  SRPMS/tcpdump-3.6.2-11.7.2.0.src.rpm

If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_2.2/apt-get.shtml