--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated tcpdump packages available for Red Hat Linux 6.2 and 7.x Advisory ID: RHSA-2001:089-08 Issue date: 2001-06-28 Updated on: 2002-02-12 Product: Red Hat Linux Keywords: tcpdump buffer overflow Cross references: Obsoletes: --------------------------------------------------------------------- 1. Topic: Updated tcpdump, libpcap, and arpwatch packages are available for Red Hat Linux 6.2 and 7.x. These updates close vulnerabilities present in versions of tcpdump up to 3.5.1 and various other bugs. 2. Relevant releases/architectures: Red Hat Linux 6.2 - alpha, i386, sparc Red Hat Linux 7.0 - alpha, i386 Red Hat Linux 7.1 - alpha, i386, ia64 Red Hat Linux 7.2 - i386, ia64 3. Problem description: 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 45520 - Remote root exploit 49294 - security problem in tcpdump-3.6.2 AFS printing 47174 - libpcap-0.4-39.i386.rpm does not contain shared library libpcap.so.0 52654 - Tcpdump get spurious packets before kernel filter kicks in 57711 - arpwatch depends on csh for no good reason 54593 - Doco change in specfile (minor) 49635 - PATCH: tcpdump to drop root by default 58346 - tcpdump.spec creates pcap user with nonexistant shell 6. RPMs required: Red Hat Linux 6.2: SRPMS: ftp://updates.redhat.com/6.2/en/os/SRPMS/tcpdump-3.6.2-10.6x.src.rpm alpha: ftp://updates.redhat.com/6.2/en/os/alpha/tcpdump-3.6.2-10.6x.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/libpcap-0.6.2-10.6x.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/arpwatch-2.1a11-10.6x.alpha.rpm i386: ftp://updates.redhat.com/6.2/en/os/i386/tcpdump-3.6.2-10.6x.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/libpcap-0.6.2-10.6x.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/arpwatch-2.1a11-10.6x.i386.rpm sparc: ftp://updates.redhat.com/6.2/en/os/sparc/tcpdump-3.6.2-10.6x.sparc.rpm ftp://updates.redhat.com/6.2/en/os/sparc/libpcap-0.6.2-10.6x.sparc.rpm ftp://updates.redhat.com/6.2/en/os/sparc/arpwatch-2.1a11-10.6x.sparc.rpm Red Hat Linux 7.0: SRPMS: ftp://updates.redhat.com/7.0/en/os/SRPMS/tcpdump-3.6.2-10.7.src.rpm alpha: ftp://updates.redhat.com/7.0/en/os/alpha/tcpdump-3.6.2-10.7.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/libpcap-0.6.2-10.7.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/arpwatch-2.1a11-10.7.alpha.rpm i386: ftp://updates.redhat.com/7.0/en/os/i386/tcpdump-3.6.2-10.7.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/libpcap-0.6.2-10.7.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/arpwatch-2.1a11-10.7.i386.rpm Red Hat Linux 7.1: SRPMS: ftp://updates.redhat.com/7.1/en/os/SRPMS/tcpdump-3.6.2-10.7.src.rpm alpha: ftp://updates.redhat.com/7.1/en/os/alpha/tcpdump-3.6.2-10.7.alpha.rpm ftp://updates.redhat.com/7.1/en/os/alpha/libpcap-0.6.2-10.7.alpha.rpm ftp://updates.redhat.com/7.1/en/os/alpha/arpwatch-2.1a11-10.7.alpha.rpm i386: ftp://updates.redhat.com/7.1/en/os/i386/tcpdump-3.6.2-10.7.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/libpcap-0.6.2-10.7.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/arpwatch-2.1a11-10.7.i386.rpm ia64: ftp://updates.redhat.com/7.1/en/os/ia64/tcpdump-3.6.2-10.7.ia64.rpm ftp://updates.redhat.com/7.1/en/os/ia64/libpcap-0.6.2-10.7.ia64.rpm ftp://updates.redhat.com/7.1/en/os/ia64/arpwatch-2.1a11-10.7.ia64.rpm Red Hat Linux 7.2: SRPMS: ftp://updates.redhat.com/7.2/en/os/SRPMS/tcpdump-3.6.2-10.7x.src.rpm i386: ftp://updates.redhat.com/7.2/en/os/i386/tcpdump-3.6.2-10.7x.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/libpcap-0.6.2-10.7x.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/arpwatch-2.1a11-10.7x.i386.rpm ia64: ftp://updates.redhat.com/7.2/en/os/ia64/tcpdump-3.6.2-10.7x.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/libpcap-0.6.2-10.7x.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/arpwatch-2.1a11-10.7x.ia64.rpm 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 56393468b3c93882189220111407f3f7 6.2/en/os/SRPMS/tcpdump-3.6.2-10.6x.src.rpm 2a7bc8c33bc44112cd653deffa276ddb 6.2/en/os/alpha/arpwatch-2.1a11-10.6x.alpha.rpm 8438626e79402194be1f7e102e7aed4f 6.2/en/os/alpha/libpcap-0.6.2-10.6x.alpha.rpm bc74cb7a9f90cf65e97a9b10cc279cc3 6.2/en/os/alpha/tcpdump-3.6.2-10.6x.alpha.rpm 9b11a1b1a4a73a2478d4b8717c860bcc 6.2/en/os/i386/arpwatch-2.1a11-10.6x.i386.rpm a75d8ac51bff83006d89955cef92b9d5 6.2/en/os/i386/libpcap-0.6.2-10.6x.i386.rpm fdf5f72d4fa307aafd3f79eff3924485 6.2/en/os/i386/tcpdump-3.6.2-10.6x.i386.rpm 03eca258656b8c0397588ddb7f081915 6.2/en/os/sparc/arpwatch-2.1a11-10.6x.sparc.rpm 6689626f08db5f9b437f408634057287 6.2/en/os/sparc/libpcap-0.6.2-10.6x.sparc.rpm 598314a8f72083c53ee6cea87df767f4 6.2/en/os/sparc/tcpdump-3.6.2-10.6x.sparc.rpm f662da7a2d04059682e5e91369c27bdd 7.0/en/os/SRPMS/tcpdump-3.6.2-10.7.src.rpm 1584a32f5454af549fa3894a8d9af857 7.0/en/os/alpha/arpwatch-2.1a11-10.7.alpha.rpm c5922dbfc1c0e6a4fd39b4566563c01e 7.0/en/os/alpha/libpcap-0.6.2-10.7.alpha.rpm 75a38254b6fd158af44f6864469158ba 7.0/en/os/alpha/tcpdump-3.6.2-10.7.alpha.rpm fb1f88cae5595afcd8da3f436045e8c4 7.0/en/os/i386/arpwatch-2.1a11-10.7.i386.rpm a718a12b3e9432b682fd56929c381100 7.0/en/os/i386/libpcap-0.6.2-10.7.i386.rpm 8330e5e715cad14f482fae2eff48c18c 7.0/en/os/i386/tcpdump-3.6.2-10.7.i386.rpm f662da7a2d04059682e5e91369c27bdd 7.1/en/os/SRPMS/tcpdump-3.6.2-10.7.src.rpm 1584a32f5454af549fa3894a8d9af857 7.1/en/os/alpha/arpwatch-2.1a11-10.7.alpha.rpm c5922dbfc1c0e6a4fd39b4566563c01e 7.1/en/os/alpha/libpcap-0.6.2-10.7.alpha.rpm 75a38254b6fd158af44f6864469158ba 7.1/en/os/alpha/tcpdump-3.6.2-10.7.alpha.rpm fb1f88cae5595afcd8da3f436045e8c4 7.1/en/os/i386/arpwatch-2.1a11-10.7.i386.rpm a718a12b3e9432b682fd56929c381100 7.1/en/os/i386/libpcap-0.6.2-10.7.i386.rpm 8330e5e715cad14f482fae2eff48c18c 7.1/en/os/i386/tcpdump-3.6.2-10.7.i386.rpm 115633171d83eb88b8e03b2289b18bb9 7.1/en/os/ia64/arpwatch-2.1a11-10.7.ia64.rpm 97a81098ffefd18a1a0d4c5b47531f30 7.1/en/os/ia64/libpcap-0.6.2-10.7.ia64.rpm 0876627b7435b5bc948e61b75e4d859c 7.1/en/os/ia64/tcpdump-3.6.2-10.7.ia64.rpm 8cc590d38b104a31da86c482702f8c52 7.2/en/os/SRPMS/tcpdump-3.6.2-10.7x.src.rpm 064982643eaa2f6a19a318e0c50f2b84 7.2/en/os/i386/arpwatch-2.1a11-10.7x.i386.rpm a00187999381db2a22dadc1a1f1ebca9 7.2/en/os/i386/libpcap-0.6.2-10.7x.i386.rpm b456a14d95d7fdf36f00ef0f41ebc1f4 7.2/en/os/i386/tcpdump-3.6.2-10.7x.i386.rpm 65d133820ef5bdb32baed29284c0101e 7.2/en/os/ia64/arpwatch-2.1a11-10.7x.ia64.rpm 0ac7da164d6b78e8fa62e6a43eb8cd80 7.2/en/os/ia64/libpcap-0.6.2-10.7x.ia64.rpm a8ae32328eb4230b105e6ad5e7c01c58 7.2/en/os/ia64/tcpdump-3.6.2-10.7x.ia64.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/about/contact/pgpkey.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: http://www.ciac.org/ciac/bulletins/l-015.shtml Copyright(c) 2000, 2001, 2002 Red Hat, Inc.