Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > May 2005 > Title ===== Mandriva Linux Security Update Advisories: 1. MDKSA-2005:084 - gnutls 2. MDKSA-2005:085 - kdelibs 3. MDKSA-2005:086 - gaim 4. MDKSA-2005:087 - tcpdump

May 2005

Title ===== Mandriva Linux Security Update Advisories: 1. MDKSA-2005:084 - gnutls 2. MDKSA-2005:085 - kdelibs 3. MDKSA-2005:086 - gaim 4. MDKSA-2005:087 - tcpdump

ID: 00410
Ref: 379/2005
Date: 13 May 2005:15:30:20
Version: 1
Title: Title ===== Mandriva Linux Security Update Advisories: 1. MDKSA-2005:084 - gnutls 2. MDKSA-2005:085 - kdelibs 3. MDKSA-2005:086 - gaim 4. MDKSA-2005:087 - tcpdump
Abstract:
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva
Title
=====

Mandriva Linux Security Update Advisories:

1. MDKSA-2005:084 - gnutls

2. MDKSA-2005:085 - kdelibs

3. MDKSA-2005:086 - gaim

4. MDKSA-2005:087 - tcpdump


Detail
======

1. Two vulnerabilities were discovered in the GnuTLS library. The first
is a vulnerability in the way GnuTLS does record packet parsing; the
second is a flaw in the RSA key export functionality. These could be
exploited by a remote attacker to cause a Denial of Service to any
program using the GnuTLS library.

2. A buffer overflow in the PCX decoder of kimgio was discovered by Bruno
Rohee. If an attacker could trick a user into loading a malicious PCX
image with any KDE application, he could cause the execution of
arbitrary code with the privileges of the user opening the image.

3. More vulnerabilities have been found in the gaim instant messaging
client. A stack-based buffer overflow bug was found in how gaim
processes a message containing a URL; a remote attacker could send a
carefully crafted message to cause the execution of arbitrary code on
the user's machine (CAN-2005-1261).

4. A number of Denial of Service vulnerabilities were discovered in the
way that tcpdump processes certain network packets. If abused, these
flaws can allow a remote attacker to inject a carefully crafted packet
onto the network, crashing tcpdump.


1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: gnutls
Advisory ID: MDKSA-2005:084
Date: May 12th, 2005

Affected versions: 10.1, 10.2
______________________________________________________________________

Problem Description:

Two vulnerabilities were discovered in the GnuTLS library. The first
is a vulnerability in the way GnuTLS does record packet parsing; the
second is a flaw in the RSA key export functionality. These could be
exploited by a remote attacker to cause a Denial of Service to any
program using the GnuTLS library.

The provided packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1431
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
3901ab03e31589ff09a17703c64834a7 10.1/RPMS/gnutls-1.0.13-1.1.101mdk.i586.rpm
9330b4d1e79efe3aba750ce9a5a17853 10.1/RPMS/libgnutls11-1.0.13-1.1.101mdk.i586.rpm
82bf186492340e2b873639b4e7c56346 10.1/RPMS/libgnutls11-devel-1.0.13-1.1.101mdk.i586.rpm
b0f68343453fb1c092b495e2d278af16 10.1/SRPMS/gnutls-1.0.13-1.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
7249cbf6e89c219cacce161ef912b722 x86_64/10.1/RPMS/gnutls-1.0.13-1.1.101mdk.x86_64.rpm
2aaf5157c4639258204a8239456a1dcc x86_64/10.1/RPMS/lib64gnutls11-1.0.13-1.1.101mdk.x86_64.rpm
4f2d1bc7f1ef8dfde81e1e471531d8a7 x86_64/10.1/RPMS/lib64gnutls11-devel-1.0.13-1.1.101mdk.x86_64.rpm
b0f68343453fb1c092b495e2d278af16 x86_64/10.1/SRPMS/gnutls-1.0.13-1.1.101mdk.src.rpm

Mandrakelinux 10.2:
e806886f50d1143d859a58deca01be12 10.2/RPMS/gnutls-1.0.23-2.1.102mdk.i586.rpm
7be1c94df46ca3c351ec02ea577e9684 10.2/RPMS/libgnutls11-1.0.23-2.1.102mdk.i586.rpm
53f40a8e37fc739408ab555aebb8731b 10.2/RPMS/libgnutls11-devel-1.0.23-2.1.102mdk.i586.rpm
7ccd73cf5cd83af889657a95a6b499ae 10.2/SRPMS/gnutls-1.0.23-2.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
e09497fcb976f203ab4ab79a969fbfc2 x86_64/10.2/RPMS/gnutls-1.0.23-2.1.102mdk.x86_64.rpm
d2ff2b32ee329ceaa4da394119b67f8d x86_64/10.2/RPMS/lib64gnutls11-1.0.23-2.1.102mdk.x86_64.rpm
4c7b5da9adf83eab8bc4305ac7484b07 x86_64/10.2/RPMS/lib64gnutls11-devel-1.0.23-2.1.102mdk.x86_64.rpm
7ccd73cf5cd83af889657a95a6b499ae x86_64/10.2/SRPMS/gnutls-1.0.23-2.1.102mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCg278mqjQ0CJFipgRAhnvAJ9x26FW+qK8c1bTVet8zxKxUYfrlgCfbsAN
AHt+2bTOHJMwjaMTmppjAWg=
=tLv3
- -----END PGP SIGNATURE-----


2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: kdelibs
Advisory ID: MDKSA-2005:085
Date: May 12th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

A buffer overflow in the PCX decoder of kimgio was discovered by Bruno
Rohee. If an attacker could trick a user into loading a malicious PCX
image with any KDE application, he could cause the execution of
arbitrary code with the privileges of the user opening the image.

The provided packages have been patched to correct this issue.

In addition, the LE2005 packages contain fixes to configuring email
into kbugreport, fixing a KDE crasher bug, fixing a kicondialog
bug, a KHTML bug, and a knewsticker export symbol problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046
http://bugs.kde.org/show_bug.cgi?id=101577
http://bugs.kde.org/show_bug.cgi?id=104475
http://bugs.kde.org/show_bug.cgi?id=99970
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
d9187f933c87279b7e72df6513490154 10.1/RPMS/kdelibs-common-3.2.3-106.1.101mdk.i586.rpm
debbf58c43f6ceb879175c2b45fb7382 10.1/RPMS/libkdecore4-3.2.3-106.1.101mdk.i586.rpm
3fed03ddab92dafaf8a7edb70ddb6cc9 10.1/RPMS/libkdecore4-devel-3.2.3-106.1.101mdk.i586.rpm
44d483efd87e38e49738825009d65f9c 10.1/SRPMS/kdelibs-3.2.3-106.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
2df5f703c954bcb4c206c2da57c30b50 x86_64/10.1/RPMS/kdelibs-common-3.2.3-106.1.101mdk.x86_64.rpm
d336bec3abe9699aaf20a8aa6b138af9 x86_64/10.1/RPMS/lib64kdecore4-3.2.3-106.1.101mdk.x86_64.rpm
f0f24bd12da26bc53d1385b661499f91 x86_64/10.1/RPMS/lib64kdecore4-devel-3.2.3-106.1.101mdk.x86_64.rpm
debbf58c43f6ceb879175c2b45fb7382 x86_64/10.1/RPMS/libkdecore4-3.2.3-106.1.101mdk.i586.rpm
3fed03ddab92dafaf8a7edb70ddb6cc9 x86_64/10.1/RPMS/libkdecore4-devel-3.2.3-106.1.101mdk.i586.rpm
44d483efd87e38e49738825009d65f9c x86_64/10.1/SRPMS/kdelibs-3.2.3-106.1.101mdk.src.rpm

Mandrakelinux 10.2:
4bbf3caa4f7162f354c8f9049ff04cc6 10.2/RPMS/kdelibs-common-3.3.2-124.1.102mdk.i586.rpm
9f45e9f161e746cef2782d8be428fa67 10.2/RPMS/libkdecore4-3.3.2-124.1.102mdk.i586.rpm
a9848e016ff7b6e468a42f049c1674a8 10.2/RPMS/libkdecore4-devel-3.3.2-124.1.102mdk.i586.rpm
3da564391e8a3ba9e0336b78407e5af1 10.2/SRPMS/kdelibs-3.3.2-124.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
b339bb5667ca8c8e49a91c52e8763953 x86_64/10.2/RPMS/kdelibs-common-3.3.2-124.1.102mdk.x86_64.rpm
6898b9fc463185750f73ca7249d0e079 x86_64/10.2/RPMS/lib64kdecore4-3.3.2-124.1.102mdk.x86_64.rpm
4d6de10fe1dacfd0f7f5ca727a066d6f x86_64/10.2/RPMS/lib64kdecore4-devel-3.3.2-124.1.102mdk.x86_64.rpm
9f45e9f161e746cef2782d8be428fa67 x86_64/10.2/RPMS/libkdecore4-3.3.2-124.1.102mdk.i586.rpm
a9848e016ff7b6e468a42f049c1674a8 x86_64/10.2/RPMS/libkdecore4-devel-3.3.2-124.1.102mdk.i586.rpm
3da564391e8a3ba9e0336b78407e5af1 x86_64/10.2/SRPMS/kdelibs-3.3.2-124.1.102mdk.src.rpm

Corporate 3.0:
8fefa57d6fb048680557990918a44c59 corporate/3.0/RPMS/kdelibs-common-3.2-36.13.C30mdk.i586.rpm
cbaf86b446afde95d87ca74b67788ad6 corporate/3.0/RPMS/libkdecore4-3.2-36.13.C30mdk.i586.rpm
b9a0035248fdb687d370c3eba66b854e corporate/3.0/RPMS/libkdecore4-devel-3.2-36.13.C30mdk.i586.rpm
f6a2b830e0e3810df0fb8d07dc4ac183 corporate/3.0/SRPMS/kdelibs-3.2-36.13.C30mdk.src.rpm

Corporate 3.0/X86_64:
2ca4ecccc1afe1a6a1c7793af93fd324 x86_64/corporate/3.0/RPMS/kdelibs-common-3.2-36.13.C30mdk.x86_64.rpm
8f5cad1f3b8577a824b82d1937fdf127 x86_64/corporate/3.0/RPMS/lib64kdecore4-3.2-36.13.C30mdk.x86_64.rpm
305120c975db121e6e79699d6c7e9ef0 x86_64/corporate/3.0/RPMS/lib64kdecore4-devel-3.2-36.13.C30mdk.x86_64.rpm
cbaf86b446afde95d87ca74b67788ad6 x86_64/corporate/3.0/RPMS/libkdecore4-3.2-36.13.C30mdk.i586.rpm
f6a2b830e0e3810df0fb8d07dc4ac183 x86_64/corporate/3.0/SRPMS/kdelibs-3.2-36.13.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCg2/BmqjQ0CJFipgRAplaAJ0azQ0LTUvfY39VLdPZSopTWv1zygCgiflw
qhZt2mYEQ87UYjXGLz0e8Jk=
=KwJu
- -----END PGP SIGNATURE-----



3.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: gaim
Advisory ID: MDKSA-2005:086
Date: May 12th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

More vulnerabilities have been found in the gaim instant messaging
client. A stack-based buffer overflow bug was found in how gaim
processes a message containing a URL; a remote attacker could send a
carefully crafted message to cause the execution of arbitrary code on
the user's machine (CAN-2005-1261).

Another bug was found in how gaim handles malformed MSN messages; an
attacker could send a carefully crafted MSN message that would cause
gaim to crash (CAN-2005-1262).

Gaim version 1.3.0 fixes these issues and is provided with this
update.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1262
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
ed8172ba325d95f291a297903af41be0 10.1/RPMS/gaim-1.3.0-0.1.101mdk.i586.rpm
ad2fcbcb8f0c1034c4d4ec1c9544b4c0 10.1/RPMS/gaim-devel-1.3.0-0.1.101mdk.i586.rpm
21102fd5e78228809becd7ddf24351ba 10.1/RPMS/gaim-gevolution-1.3.0-0.1.101mdk.i586.rpm
837a724dd6917f305beb0423713fd8ac 10.1/RPMS/gaim-perl-1.3.0-0.1.101mdk.i586.rpm
5b3ca4cd6306963fb3e1b14c63df2244 10.1/RPMS/gaim-tcl-1.3.0-0.1.101mdk.i586.rpm
199a0196f394b00efee48482f309936e 10.1/RPMS/libgaim-remote0-1.3.0-0.1.101mdk.i586.rpm
d5518ced2d7c76b4526fd68779693207 10.1/RPMS/libgaim-remote0-devel-1.3.0-0.1.101mdk.i586.rpm
44820576063dd74fb9c28b4a5699e36a 10.1/SRPMS/gaim-1.3.0-0.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
4e2c86767236f1b8eeb188551bb27314 x86_64/10.1/RPMS/gaim-1.3.0-0.1.101mdk.x86_64.rpm
db62d40135b2a9848d3699424b556654 x86_64/10.1/RPMS/gaim-devel-1.3.0-0.1.101mdk.x86_64.rpm
3a0f91257813a81a7ec0456a220357c1 x86_64/10.1/RPMS/gaim-gevolution-1.3.0-0.1.101mdk.x86_64.rpm
38dd8f72ca74d9080a8e289bb186c92a x86_64/10.1/RPMS/gaim-perl-1.3.0-0.1.101mdk.x86_64.rpm
13359f709541ea9654312f75339c321b x86_64/10.1/RPMS/gaim-tcl-1.3.0-0.1.101mdk.x86_64.rpm
8542aca1513904f4c0a87c3f0fe543c5 x86_64/10.1/RPMS/lib64gaim-remote0-1.3.0-0.1.101mdk.x86_64.rpm
171e1625bd227112e50659b0648d8173 x86_64/10.1/RPMS/lib64gaim-remote0-devel-1.3.0-0.1.101mdk.x86_64.rpm
44820576063dd74fb9c28b4a5699e36a x86_64/10.1/SRPMS/gaim-1.3.0-0.1.101mdk.src.rpm

Mandrakelinux 10.2:
dae4fba008457633fe9f687285e43a34 10.2/RPMS/gaim-1.3.0-0.1.102mdk.i586.rpm
e79df04c807ee82e92ae8b1bd1c19f17 10.2/RPMS/gaim-devel-1.3.0-0.1.102mdk.i586.rpm
25bd9d7af41c8bbf6761b58465d89ee4 10.2/RPMS/gaim-gevolution-1.3.0-0.1.102mdk.i586.rpm
c8140054eb2228eb8a8aeade572ceae9 10.2/RPMS/gaim-perl-1.3.0-0.1.102mdk.i586.rpm
071ec72d9640dab11e58b9fd5eb196b2 10.2/RPMS/gaim-silc-1.3.0-0.1.102mdk.i586.rpm
f89cb44704cc525ab5f483737ea3ca45 10.2/RPMS/gaim-tcl-1.3.0-0.1.102mdk.i586.rpm
8b93abaa4953aeba755d2498c91bfdb4 10.2/RPMS/libgaim-remote0-1.3.0-0.1.102mdk.i586.rpm
a44d9d2bd48fc0886938db762b111b9d 10.2/RPMS/libgaim-remote0-devel-1.3.0-0.1.102mdk.i586.rpm
199e401eab3fd4bc5a9c19eb9b42c84e 10.2/SRPMS/gaim-1.3.0-0.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
e540621ec7ed8160e8a69f4c8e751c60 x86_64/10.2/RPMS/gaim-1.3.0-0.1.102mdk.x86_64.rpm
2a1491f4d49e424a389232f527567504 x86_64/10.2/RPMS/gaim-devel-1.3.0-0.1.102mdk.x86_64.rpm
d77f3c6453a0648c8561017b8eadf259 x86_64/10.2/RPMS/gaim-gevolution-1.3.0-0.1.102mdk.x86_64.rpm
53bb111a57f40c1b883978453c7e2301 x86_64/10.2/RPMS/gaim-perl-1.3.0-0.1.102mdk.x86_64.rpm
d69ede9ff9e8f64e34bd6a408e062e96 x86_64/10.2/RPMS/gaim-silc-1.3.0-0.1.102mdk.x86_64.rpm
4bc25f5496bac981116ede53777690fe x86_64/10.2/RPMS/gaim-tcl-1.3.0-0.1.102mdk.x86_64.rpm
1df0f36a11d9e0ae880e2e2a9196291b x86_64/10.2/RPMS/lib64gaim-remote0-1.3.0-0.1.102mdk.x86_64.rpm
3232b0c2b7becfc489da906c619fef5a x86_64/10.2/RPMS/lib64gaim-remote0-devel-1.3.0-0.1.102mdk.x86_64.rpm
199e401eab3fd4bc5a9c19eb9b42c84e x86_64/10.2/SRPMS/gaim-1.3.0-0.1.102mdk.src.rpm

Corporate 3.0:
e149a73b4459e4910211c6164119d408 corporate/3.0/RPMS/gaim-1.3.0-0.1.C30mdk.i586.rpm
556d49ec86c6d89d50ed5ab6b7077618 corporate/3.0/RPMS/gaim-devel-1.3.0-0.1.C30mdk.i586.rpm
0c9b562338fd7d15057ce66af6c0e916 corporate/3.0/RPMS/gaim-perl-1.3.0-0.1.C30mdk.i586.rpm
893a7bc983c2502b089b0b28ebc68573 corporate/3.0/RPMS/gaim-tcl-1.3.0-0.1.C30mdk.i586.rpm
e0ca61a235d914865c52a01b24d53cc6 corporate/3.0/RPMS/libgaim-remote0-1.3.0-0.1.C30mdk.i586.rpm
643fc0e061166293c841faa09beb0dc6 corporate/3.0/RPMS/libgaim-remote0-devel-1.3.0-0.1.C30mdk.i586.rpm
050ba22fc5a9834d611cc671fd23e897 corporate/3.0/SRPMS/gaim-1.3.0-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
7fd8169fd5f4b6b0b2ed0609a820ae09 x86_64/corporate/3.0/RPMS/gaim-1.3.0-0.1.C30mdk.x86_64.rpm
f4a248008e042fe09d11853ef385cbbf x86_64/corporate/3.0/RPMS/gaim-devel-1.3.0-0.1.C30mdk.x86_64.rpm
68d12ef13d3419cf0358ca51b15b48ff x86_64/corporate/3.0/RPMS/gaim-perl-1.3.0-0.1.C30mdk.x86_64.rpm
75207cb70b1388e1ef6d5aa5c8a47b33 x86_64/corporate/3.0/RPMS/gaim-tcl-1.3.0-0.1.C30mdk.x86_64.rpm
9b76928971f8f5adac79c2e68e1a0793 x86_64/corporate/3.0/RPMS/lib64gaim-remote0-1.3.0-0.1.C30mdk.x86_64.rpm
e7b767077d1ebba151fbd932c11746c7 x86_64/corporate/3.0/RPMS/lib64gaim-remote0-devel-1.3.0-0.1.C30mdk.x86_64.rpm
050ba22fc5a9834d611cc671fd23e897 x86_64/corporate/3.0/SRPMS/gaim-1.3.0-0.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCg3VSmqjQ0CJFipgRAkjPAKCWLOG4H9jcph6x39b8Xrh/IKxT0ACdG1AT
BIi6b69OC/MGJ3XVhQTDEmk=
=Mt9w
- -----END PGP SIGNATURE-----



4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: tcpdump
Advisory ID: MDKSA-2005:087
Date: May 11th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A number of Denial of Service vulnerabilities were discovered in the
way that tcpdump processes certain network packets. If abused, these
flaws can allow a remote attacker to inject a carefully crafted packet
onto the network, crashing tcpdump.

The provided packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
e73bd8a6947c3685f0a1dcd370103a2d 10.0/RPMS/tcpdump-3.8.1-1.2.100mdk.i586.rpm
1e36745b1695e0272989183d00489401 10.0/SRPMS/tcpdump-3.8.1-1.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
49a077ec66ad00b73e7448328ef86b44 amd64/10.0/RPMS/tcpdump-3.8.1-1.2.100mdk.amd64.rpm
1e36745b1695e0272989183d00489401 amd64/10.0/SRPMS/tcpdump-3.8.1-1.2.100mdk.src.rpm

Mandrakelinux 10.1:
67d319eed39f1bafb30a25e57f7add2a 10.1/RPMS/tcpdump-3.8.3-2.1.101mdk.i586.rpm
9367b2c7064311b7552a516c71da2335 10.1/SRPMS/tcpdump-3.8.3-2.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
797c8b13a984821bf42b3a1ff1f0606f x86_64/10.1/RPMS/tcpdump-3.8.3-2.1.101mdk.x86_64.rpm
9367b2c7064311b7552a516c71da2335 x86_64/10.1/SRPMS/tcpdump-3.8.3-2.1.101mdk.src.rpm

Mandrakelinux 10.2:
5e3b9eaf014d072536aee3d4153149fd 10.2/RPMS/tcpdump-3.8.3-2.1.102mdk.i586.rpm
a84d58a6c8e197106db7550b89cd7bc9 10.2/SRPMS/tcpdump-3.8.3-2.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
46175965cf9fe968060f04212469403d x86_64/10.2/RPMS/tcpdump-3.8.3-2.1.102mdk.x86_64.rpm
a84d58a6c8e197106db7550b89cd7bc9 x86_64/10.2/SRPMS/tcpdump-3.8.3-2.1.102mdk.src.rpm

Corporate Server 2.1:
aa300032c33e2bbe3f4a164a0202c410 corporate/2.1/RPMS/tcpdump-3.7.2-2.3.C21mdk.i586.rpm
d56843af254ecdebf9c047f6fb903149 corporate/2.1/SRPMS/tcpdump-3.7.2-2.3.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
d539efda2769654b6a7368b74565d613 x86_64/corporate/2.1/RPMS/tcpdump-3.7.2-2.3.C21mdk.x86_64.rpm
d56843af254ecdebf9c047f6fb903149 x86_64/corporate/2.1/SRPMS/tcpdump-3.7.2-2.3.C21mdk.src.rpm

Corporate 3.0:
df9e3b52c36c3a68aa3c5a12464dfa33 corporate/3.0/RPMS/tcpdump-3.8.1-1.2.C30mdk.i586.rpm
13100cead5f5b078e0b3249d1f522339 corporate/3.0/SRPMS/tcpdump-3.8.1-1.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
69a3d5fc2be9891eaeea2d1a0ebbfc09 x86_64/corporate/3.0/RPMS/tcpdump-3.8.1-1.2.C30mdk.x86_64.rpm
13100cead5f5b078e0b3249d1f522339 x86_64/corporate/3.0/SRPMS/tcpdump-3.8.1-1.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCg3YAmqjQ0CJFipgRAvS+AJ0cehmVbljRCl/cttYQcpWEPVSjRQCbBqUx
nAuXy6n6kwgEVx3rVxZbRE8=
=Rst9
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |