unsubscribe
Am Tue, 6 Apr 2004 15:35:19 -0700
schrieb Matt Zimmerman <mdz@debian.org>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 478-1 security@debian.org
> http://www.debian.org/security/ Matt Zimmerman
> April 6th, 2004 http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package : tcpdump
> Vulnerability : denial of service
> Problem-Type : remote
> Debian-specific: no
> CVE Ids : CAN-2004-0183 CAN-2004-0184
>
> tcpdump, a tool for network monitoring and data acquisition, was found
> to contain two vulnerabilities whereby tcpdump could be caused to
> crash through attempts to read from invalid memory locations. This
> bug is triggered by certain invalid ISAKMP packets.
>
> For the current stable distribution (woody) these problems have been
> fixed in version 3.6.2-2.8.
>
> For the unstable distribution (sid), these problems have been fixed in
> version 3.7.2-4.
>
> We recommend that you update your tcpdump package.
>
> Upgrade Instructions
> - --------------------
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
> Debian GNU/Linux 3.0 alias woody
> - --------------------------------
>
> Source archives:
>
> http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8.dsc
> Size/MD5 checksum: 587 3ea0f5275b154c914cdc9dea888e8a06
> http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8.diff.gz
> Size/MD5 checksum: 14097 7627c0d531403f0b0bdc7eaec51fb467
> http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz
> Size/MD5 checksum: 380635 6bc8da35f9eed4e675bfdf04ce312248
>
> Alpha architecture:
>
> http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_alpha.deb
> Size/MD5 checksum: 214766 bf78750a3d7c0c963459eea70c45da6a
>
> ARM architecture:
>
> http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_arm.deb
> Size/MD5 checksum: 180688 c876fa96a530b66260e4310131ffd8df
>
> Intel IA-32 architecture:
>
> http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_i386.deb
> Size/MD5 checksum: 170210 96f4b92404a0c7b70b1cb37d03d16b70
>
> Intel IA-64 architecture:
>
> http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_ia64.deb
> Size/MD5 checksum: 248364 b127ef521476369c4be62bb8b7de2ff2
>
> HP Precision architecture:
>
> http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_hppa.deb
> Size/MD5 checksum: 196824 be99a94ba73d77f13626397cc1b20b4c
>
> Motorola 680x0 architecture:
>
> http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_m68k.deb
> Size/MD5 checksum: 158452 6c6679b4baf1c6b5b347d803d91acf83
>
> Big endian MIPS architecture:
>
> http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_mips.deb
> Size/MD5 checksum: 189936 90ccf025c9fab09251d6d60601e5c710
>
> Little endian MIPS architecture:
>
> http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_mipsel.deb
> Size/MD5 checksum: 194318 cf0dd499755794f3086e5d40d3190bec
>
> PowerPC architecture:
>
> http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_powerpc.deb
> Size/MD5 checksum: 177884 8a11b2a3fada3302b32d383ba2a5de44
>
> IBM S/390 architecture:
>
> http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_s390.deb
> Size/MD5 checksum: 175274 4541e31919482795ae84406f7122e06a
>
> Sun Sparc architecture:
>
> http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_sparc.deb
> Size/MD5 checksum: 180776 d6b4803e379f9354eb4a3f4546bdc22b
>
> These files will probably be moved into the stable distribution on
> its next revision.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFAczChArxCt0PiXR4RArG+AJ0b5hpLhc069+j+rydCbs3dCtRLrQCggX6C
> FoDISieg/l563iLJQffPrCs=
> =m3dO
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
How many seconds are there in a year? If I tell you there are
3.155 x 10^7, you won't even try to remember it. On the other hand,
who could forget that, to within half a percent, pi seconds is a
nanocentury.
-- Tom Duff, Bell Labs
Reply to: