SOT Linux Advisories: tcpdump, sharutils
Apr 08, 2004, 21:44

SOT Linux Security Advisory

Subject: Updated tcpdump package for SOT Linux 2003

1. Problem description

Tcpdump is a tool for network monitoring and data acquisition. According to a security advisory published by Rapid7, two vulnerabilities exist in the ISAKMP packet display functions of tcpdump. The Common Vulnerabilities and Exposures (CVE) project has reviewed both problems. CAN-2004-0183 identifies an overflow when displaying ISAKMP delete payloads with a large number of SPIs, while CAN-2004-0184 identifies an integer underflow when displaying an ISAKMP identification payload. These vulnerabilities appear only when verbose packet display is enabled by running tcpdump with the -v option.

Users of Tcpdump should update to these erratum packages, which are not vulnerable to these issues.

2. Updated packages

SOT Linux 2003 Server:
i386:
SRPMS:

3. Upgrading package

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Use up2date to automatically upgrade the fixed packages.

If you want to upgrade manually, download the updated package from the SOT Linux FTP site (use the links above) or from one of our mirrors. The list of mirrors can be obtained at www.sot.com/en/linux

Update the package with the following command:

    rpm -Uvh <filename>

4. Verification

All packages are PGP signed by SOT for security.

You can verify each package with the following command:

    rpm --checksig <filename>

If you wish to verify the integrity of the downloaded package, run "md5sum <filename>" and compare the output with the data given below.

Package Name                             MD5 sum
/Server/i386/tcpdump-3.7.2-3.i386.rpm    d6c7be9ab5809ad73bf69c68e186e08e

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0184

Copyright(c) 2001-2003 SOT


SOT Linux Security Advisory

Subject: Updated sharutils package for SOT Linux 2003

1. Problem description

GNU sharutils is a common GNU package, included with most Linux distributions, designed to create and unpack SHell ARchives, which are used to send large binaries through email with more ease.

The 'shar' utility included as part of the GNU sharutils package is prone to a buffer overflow vulnerability due to lack of bounds checking when processing the '-o' command-line flag.

Users of Sharutils should update to these erratum packages, which are not vulnerable to this issue.

2. Updated packages

SOT Linux 2003 Desktop:
i386:
SRPMS:

SOT Linux 2003 Server:
i386:
SRPMS:

3. Upgrading package

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Use up2date to automatically upgrade the fixed packages.

If you want to upgrade manually, download the updated package from the SOT Linux FTP site (use the links above) or from one of our mirrors. The list of mirrors can be obtained at www.sot.com/en/linux

Update the package with the following command:

    rpm -Uvh <filename>

4. Verification

All packages are PGP signed by SOT for security.

You can verify each package with the following command:

    rpm --checksig <filename>

If you wish to verify the integrity of the downloaded package, run "md5sum <filename>" and compare the output with the data given below.

Package Name                                 MD5 sum
/Desktop/i386/sharutils-4.2.1-14.i386.rpm    1512ffaa6d9f1d27ce5a5ecaf833d8ef

5. References

http://www.gnu.org/software/sharutils/

Copyright(c) 2001-2003 SOT