-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[sflack-security] tcpdump (SFSA:2007-230-01)
New tcpdump packages are available for Sflack 11.0, and 12.0
to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
Here are the details from the Sflack 12.0 ChangeLog:
+--------------------------+
patches/packages/tcpdump-3.9.7-x86_64-1_sflack12.0.tgz:
Upgraded to libpcap-0.9.7, tcpdump-3.9.7.
This new version fixes an integer overflow in the BGP dissector which
could possibly allow remote attackers to crash tcpdump or to execute
arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at Evolva Telecom
(http://evolva.ro) and serghei.net (http://serghei.net)
for donating additional FTP and rsync hosting
to the Sflack project! :-)
Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.
Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/tcpdump-3.9.7-x86_64-1_sflack11.0.tgz
Updated package for Sflack 12.0:
ftp://ftp.sflack.com/pub/sflack/sflack-12.0/patches/packages/tcpdump-3.9.7-x86_64-1_sflack12.0.tgz
MD5 signatures:
+-------------+
Sflack 11.0 package:
f16910a98c4949764e251896dd0a9220 tcpdump-3.9.7-x86_64-1_sflack11.0.tgz
Sflack 12.0 package:
726d82c64d559823129937f06e69889a tcpdump-3.9.7-x86_64-1_sflack12.0.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg tcpdump-3.9.7-x86_64-1_sflack12.0.tgz
+-----+
Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFG0sSUw79R6/xskD8RAsFZAJsGd/TYKbHn322E16ZnDPYrx1A3MACgiMJ9
wrEp6xCBErOKm5I8b1+UhK8=
=IMXJ
-----END PGP SIGNATURE-----
Correlati