Mandriva Linux
Mandriva Linux Security Update Advisory
Package name: tcpdump
Advisory ID: MDKSA-2005:101
Date: June 15th, 2005
Affected versions: 10.1, 10.2
Problem Description:
A Denial of Service vulnerability was found in tcpdump during
the processing of certain network packets. Because of this flaw,
it was possible for an attacker to inject a carefully crafted
packet onto the network which would crash a running tcpdump
session.
The updated packages have been patched to correct this problem.
At least tcpdump 3.8.1 and earlier are not affected by this
problem.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1267
Updated Packages:
Mandrakelinux 10.1:
19f997352f3fef16e9809c33a9fd9e6f
10.1/RPMS/tcpdump-3.8.3-2.2.101mdk.i586.rpm
91566ff6914608573f685a750a23e4a2
10.1/SRPMS/tcpdump-3.8.3-2.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
23da8b573535902af955c3bc52b8da45
x86_64/10.1/RPMS/tcpdump-3.8.3-2.2.101mdk.x86_64.rpm
91566ff6914608573f685a750a23e4a2
x86_64/10.1/SRPMS/tcpdump-3.8.3-2.2.101mdk.src.rpm
Mandrakelinux 10.2:
317345c2da874d9c8b1333fcf7b0f81a
10.2/RPMS/tcpdump-3.8.3-2.2.102mdk.i586.rpm
c7e1bb066e89aaa17188a9548262aee3
10.2/SRPMS/tcpdump-3.8.3-2.2.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
49053eec4a4b00732cef1da5405a2ea5
x86_64/10.2/RPMS/tcpdump-3.8.3-2.2.102mdk.x86_64.rpm
c7e1bb066e89aaa17188a9548262aee3
x86_64/10.2/SRPMS/tcpdump-3.8.3-2.2.102mdk.src.rpm
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Ubuntu Linux
Ubuntu Security Notice USN-140-1 June 15, 2005
gaim vulnerability
CAN-2005-1934
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
gaim
The problem can be corrected by upgrading the affected package
to version 1:1.0.0-1ubuntu1.6 (for Ubuntu 4.10), or
1:1.1.4-1ubuntu4.3 (for Ubuntu 5.04). After doing a standard system
upgrade you need to restart Gaim to effect the necessary
changes.
Details follow:
A remote Denial of Service vulnerability was discovered in Gaim.
A remote attacker could crash the Gaim client of an MSN user by
sending a specially crafted MSN packet which states an invalid
body length in the header.
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6.diff.gz
Size/MD5: 48444 468f68e015435db9a0f7113808c57e58
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6.dsc
Size/MD5: 853 622bcdbdc5066a6596a42ea4ab8f7e22
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz
Size/MD5: 6985979 7dde686aace751a49dce734fd0cb7ace
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6_amd64.deb
Size/MD5: 3444948 cae0518c1f2fa14f4e838dd46376fde4
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6_i386.deb
Size/MD5: 3355296 bf14bf90ac7a3bebae7891d8142c3a0e
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6_powerpc.deb
Size/MD5: 3418564 5becbf0f173331db116136a19522698f
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3.diff.gz
Size/MD5: 108334 e8ae93ed55c364fdef75d6afa2888bf1
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3.dsc
Size/MD5: 991 4ca52b48cfccb93b4a8c3f3e712a5859
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4.orig.tar.gz
Size/MD5: 5188552 b55bf3217b271918384f3f015a6e5b62
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.1.4-1ubuntu4.3_all.deb
Size/MD5: 603678 37e36ea56bfd32754f540ae04a929903
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.3_amd64.deb
Size/MD5: 101624 dd693d77a9fb58eed430e18d38bdb5e7
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3_amd64.deb
Size/MD5: 934222 c3a8d7c1fcb1789363ad277acf0cb4c2
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.3_i386.deb
Size/MD5: 101612 22e78fb3580dc128eeb6e3d2b7491436
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3_i386.deb
Size/MD5: 845570 2baab76439b0274b26416cfa3eba3cac
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.3_powerpc.deb
Size/MD5: 101642 722cbc574f4d128f9806430957828695
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3_powerpc.deb
Size/MD5: 910476 ef04e16bf2d2dd7aac67bb58173199e0
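For packages fetched by hand rather than through the package manager, the URL and "Size/MD5:" pairs listed above can be checked mechanically. The following is an added example, not part of either advisory: the function names, the example.invalid URLs and the sample files are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# Advisory line format: "Size/MD5: <bytes> <32 hex digits>"
SIZE_MD5 = re.compile(r"^Size/MD5:\s+(\d+)\s+([0-9a-fA-F]{32})$")

def parse_package_list(text):
    """Return {filename: (size, md5)} from URL lines followed by Size/MD5 lines."""
    expected, url = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        match = SIZE_MD5.match(line)
        if match and url:
            expected[url.rsplit("/", 1)[-1]] = (int(match.group(1)), match.group(2).lower())
        # Remember a URL only until the next line, so headings reset the pairing.
        url = line if line.startswith(("http://", "https://")) else None
    return expected

def verify(directory, expected):
    """Return {filename: "ok" | "missing" | "size-mismatch" | "md5-mismatch"}."""
    results = {}
    for name, (size, md5) in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif os.path.getsize(path) != size:
            results[name] = "size-mismatch"
        else:
            digest = hashlib.md5()  # matches the advisory; detects corruption only
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            results[name] = "ok" if digest.hexdigest() == md5 else "md5-mismatch"
    return results

def demo():
    """Constructed files checked against a constructed advisory excerpt."""
    base = "http://example.invalid/pool/"  # placeholder URL, not from the advisory
    a, b = b"package A", b"package B"
    text = (f"{base}a_1.0_all.deb\nSize/MD5: {len(a)} {hashlib.md5(a).hexdigest()}\n"
            f"i386 architecture\n"
            f"{base}b_1.0_all.deb\nSize/MD5: {len(b)} {hashlib.md5(b).hexdigest()}\n"
            f"{base}c_1.0_all.deb\nSize/MD5: 9 {'0' * 32}\n")
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in (("a_1.0_all.deb", a), ("b_1.0_all.deb", b"package X")):
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return verify(tmp, parse_package_list(text))

if __name__ == "__main__":
    print(demo())
```

A matching MD5 only shows the download is intact; authenticity still rests on the distribution's GPG signature check.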