
---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated tcpdump packages available for Red Hat Linux 6.2 and 7.x
Advisory ID:       RHSA-2001:089-08
Issue date:        2001-06-28
Updated on:        2002-02-12
Product:           Red Hat Linux
Keywords:          tcpdump buffer overflow
Cross references:  
Obsoletes:         
---------------------------------------------------------------------

1. Topic:

Updated tcpdump, libpcap, and arpwatch packages are available for Red
Hat Linux 6.2 and 7.x.  These updates close vulnerabilities
present in versions of tcpdump up to 3.5.1 and various other bugs.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc

Red Hat Linux 7.0 - alpha, i386

Red Hat Linux 7.1 - alpha, i386, ia64

Red Hat Linux 7.2 - i386, ia64

3. Problem description:



4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed  (  for more info):

45520 - Remote root exploit
49294 - security problem in tcpdump-3.6.2 AFS printing
47174 - libpcap-0.4-39.i386.rpm does not contain shared library libpcap.so.0
52654 - Tcpdump get spurious packets before kernel filter kicks in
57711 - arpwatch depends on csh for no good reason
54593 - Doco change in specfile (minor)
49635 - PATCH: tcpdump to drop root by default
58346 - tcpdump.spec creates pcap user with nonexistant shell

6. RPMs required:

Red Hat Linux 6.2:

SRPMS: 
 

alpha: 
  
  
 

i386: 
  
  
 

sparc: 
  
  
 

Red Hat Linux 7.0:

SRPMS: 
 

alpha: 
  
  
 

i386: 
  
  
 

Red Hat Linux 7.1:

SRPMS: 
 

alpha: 
  
  
 

i386: 
  
  
 

ia64: 
  
  
 

Red Hat Linux 7.2:

SRPMS: 
 

i386: 
  
  
 

ia64: 
  
  
 



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
56393468b3c93882189220111407f3f7 6.2/en/os/SRPMS/tcpdump-3.6.2-10.6x.src.rpm
2a7bc8c33bc44112cd653deffa276ddb 6.2/en/os/alpha/arpwatch-2.1a11-10.6x.alpha.rpm
8438626e79402194be1f7e102e7aed4f 6.2/en/os/alpha/libpcap-0.6.2-10.6x.alpha.rpm
bc74cb7a9f90cf65e97a9b10cc279cc3 6.2/en/os/alpha/tcpdump-3.6.2-10.6x.alpha.rpm
9b11a1b1a4a73a2478d4b8717c860bcc 6.2/en/os/i386/arpwatch-2.1a11-10.6x.i386.rpm
a75d8ac51bff83006d89955cef92b9d5 6.2/en/os/i386/libpcap-0.6.2-10.6x.i386.rpm
fdf5f72d4fa307aafd3f79eff3924485 6.2/en/os/i386/tcpdump-3.6.2-10.6x.i386.rpm
03eca258656b8c0397588ddb7f081915 6.2/en/os/sparc/arpwatch-2.1a11-10.6x.sparc.rpm
6689626f08db5f9b437f408634057287 6.2/en/os/sparc/libpcap-0.6.2-10.6x.sparc.rpm
598314a8f72083c53ee6cea87df767f4 6.2/en/os/sparc/tcpdump-3.6.2-10.6x.sparc.rpm
f662da7a2d04059682e5e91369c27bdd 7.0/en/os/SRPMS/tcpdump-3.6.2-10.7.src.rpm
1584a32f5454af549fa3894a8d9af857 7.0/en/os/alpha/arpwatch-2.1a11-10.7.alpha.rpm
c5922dbfc1c0e6a4fd39b4566563c01e 7.0/en/os/alpha/libpcap-0.6.2-10.7.alpha.rpm
75a38254b6fd158af44f6864469158ba 7.0/en/os/alpha/tcpdump-3.6.2-10.7.alpha.rpm
fb1f88cae5595afcd8da3f436045e8c4 7.0/en/os/i386/arpwatch-2.1a11-10.7.i386.rpm
a718a12b3e9432b682fd56929c381100 7.0/en/os/i386/libpcap-0.6.2-10.7.i386.rpm
8330e5e715cad14f482fae2eff48c18c 7.0/en/os/i386/tcpdump-3.6.2-10.7.i386.rpm
f662da7a2d04059682e5e91369c27bdd 7.1/en/os/SRPMS/tcpdump-3.6.2-10.7.src.rpm
1584a32f5454af549fa3894a8d9af857 7.1/en/os/alpha/arpwatch-2.1a11-10.7.alpha.rpm
c5922dbfc1c0e6a4fd39b4566563c01e 7.1/en/os/alpha/libpcap-0.6.2-10.7.alpha.rpm
75a38254b6fd158af44f6864469158ba 7.1/en/os/alpha/tcpdump-3.6.2-10.7.alpha.rpm
fb1f88cae5595afcd8da3f436045e8c4 7.1/en/os/i386/arpwatch-2.1a11-10.7.i386.rpm
a718a12b3e9432b682fd56929c381100 7.1/en/os/i386/libpcap-0.6.2-10.7.i386.rpm
8330e5e715cad14f482fae2eff48c18c 7.1/en/os/i386/tcpdump-3.6.2-10.7.i386.rpm
115633171d83eb88b8e03b2289b18bb9 7.1/en/os/ia64/arpwatch-2.1a11-10.7.ia64.rpm
97a81098ffefd18a1a0d4c5b47531f30 7.1/en/os/ia64/libpcap-0.6.2-10.7.ia64.rpm
0876627b7435b5bc948e61b75e4d859c 7.1/en/os/ia64/tcpdump-3.6.2-10.7.ia64.rpm
8cc590d38b104a31da86c482702f8c52 7.2/en/os/SRPMS/tcpdump-3.6.2-10.7x.src.rpm
064982643eaa2f6a19a318e0c50f2b84 7.2/en/os/i386/arpwatch-2.1a11-10.7x.i386.rpm
a00187999381db2a22dadc1a1f1ebca9 7.2/en/os/i386/libpcap-0.6.2-10.7x.i386.rpm
b456a14d95d7fdf36f00ef0f41ebc1f4 7.2/en/os/i386/tcpdump-3.6.2-10.7x.i386.rpm
65d133820ef5bdb32baed29284c0101e 7.2/en/os/ia64/arpwatch-2.1a11-10.7x.ia64.rpm
0ac7da164d6b78e8fa62e6a43eb8cd80 7.2/en/os/ia64/libpcap-0.6.2-10.7x.ia64.rpm
a8ae32328eb4230b105e6ad5e7c01c58 7.2/en/os/ia64/tcpdump-3.6.2-10.7x.ia64.rpm
 

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     About

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:
 
 


Copyright(c) 2000, 2001, 2002 Red Hat, Inc.

RedHat: 'tcpdump' Remote root vulnerability

Updated tcpdump, libpcap, and arpwatch packages are available for RedHat Linux 6.2 and 7.x

Summary

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.
Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
5. Bug IDs fixed ( for more info):
45520 - Remote root exploit 49294 - security problem in tcpdump-3.6.2 AFS printing 47174 - libpcap-0.4-39.i386.rpm does not contain shared library libpcap.so.0 52654 - Tcpdump get spurious packets before kernel filter kicks in 57711 - arpwatch depends on csh for no good reason 54593 - Doco change in specfile (minor) 49635 - PATCH: tcpdump to drop root by default 58346 - tcpdump.spec creates pcap user with nonexistant shell
6. RPMs required:
Red Hat Linux 6.2:
SRPMS:

alpha:

i386:

sparc:

Red Hat Linux 7.0:
SRPMS:

alpha:

i386:

Red Hat Linux 7.1:
SRPMS:

alpha:

i386:

ia64:

Red Hat Linux 7.2:
SRPMS:

i386:

ia64:

7. Verification:
MD5 sum Package Name 56393468b3c93882189220111407f3f7 6.2/en/os/SRPMS/tcpdump-3.6.2-10.6x.src.rpm 2a7bc8c33bc44112cd653deffa276ddb 6.2/en/os/alpha/arpwatch-2.1a11-10.6x.alpha.rpm 8438626e79402194be1f7e102e7aed4f 6.2/en/os/alpha/libpcap-0.6.2-10.6x.alpha.rpm bc74cb7a9f90cf65e97a9b10cc279cc3 6.2/en/os/alpha/tcpdump-3.6.2-10.6x.alpha.rpm 9b11a1b1a4a73a2478d4b8717c860bcc 6.2/en/os/i386/arpwatch-2.1a11-10.6x.i386.rpm a75d8ac51bff83006d89955cef92b9d5 6.2/en/os/i386/libpcap-0.6.2-10.6x.i386.rpm fdf5f72d4fa307aafd3f79eff3924485 6.2/en/os/i386/tcpdump-3.6.2-10.6x.i386.rpm 03eca258656b8c0397588ddb7f081915 6.2/en/os/sparc/arpwatch-2.1a11-10.6x.sparc.rpm 6689626f08db5f9b437f408634057287 6.2/en/os/sparc/libpcap-0.6.2-10.6x.sparc.rpm 598314a8f72083c53ee6cea87df767f4 6.2/en/os/sparc/tcpdump-3.6.2-10.6x.sparc.rpm f662da7a2d04059682e5e91369c27bdd 7.0/en/os/SRPMS/tcpdump-3.6.2-10.7.src.rpm 1584a32f5454af549fa3894a8d9af857 7.0/en/os/alpha/arpwatch-2.1a11-10.7.alpha.rpm c5922dbfc1c0e6a4fd39b4566563c01e 7.0/en/os/alpha/libpcap-0.6.2-10.7.alpha.rpm 75a38254b6fd158af44f6864469158ba 7.0/en/os/alpha/tcpdump-3.6.2-10.7.alpha.rpm fb1f88cae5595afcd8da3f436045e8c4 7.0/en/os/i386/arpwatch-2.1a11-10.7.i386.rpm a718a12b3e9432b682fd56929c381100 7.0/en/os/i386/libpcap-0.6.2-10.7.i386.rpm 8330e5e715cad14f482fae2eff48c18c 7.0/en/os/i386/tcpdump-3.6.2-10.7.i386.rpm f662da7a2d04059682e5e91369c27bdd 7.1/en/os/SRPMS/tcpdump-3.6.2-10.7.src.rpm 1584a32f5454af549fa3894a8d9af857 7.1/en/os/alpha/arpwatch-2.1a11-10.7.alpha.rpm c5922dbfc1c0e6a4fd39b4566563c01e 7.1/en/os/alpha/libpcap-0.6.2-10.7.alpha.rpm 75a38254b6fd158af44f6864469158ba 7.1/en/os/alpha/tcpdump-3.6.2-10.7.alpha.rpm fb1f88cae5595afcd8da3f436045e8c4 7.1/en/os/i386/arpwatch-2.1a11-10.7.i386.rpm a718a12b3e9432b682fd56929c381100 7.1/en/os/i386/libpcap-0.6.2-10.7.i386.rpm 8330e5e715cad14f482fae2eff48c18c 7.1/en/os/i386/tcpdump-3.6.2-10.7.i386.rpm 115633171d83eb88b8e03b2289b18bb9 7.1/en/os/ia64/arpwatch-2.1a11-10.7.ia64.rpm 97a81098ffefd18a1a0d4c5b47531f30 7.1/en/os/ia64/libpcap-0.6.2-10.7.ia64.rpm 0876627b7435b5bc948e61b75e4d859c 7.1/en/os/ia64/tcpdump-3.6.2-10.7.ia64.rpm 8cc590d38b104a31da86c482702f8c52 7.2/en/os/SRPMS/tcpdump-3.6.2-10.7x.src.rpm 064982643eaa2f6a19a318e0c50f2b84 7.2/en/os/i386/arpwatch-2.1a11-10.7x.i386.rpm a00187999381db2a22dadc1a1f1ebca9 7.2/en/os/i386/libpcap-0.6.2-10.7x.i386.rpm b456a14d95d7fdf36f00ef0f41ebc1f4 7.2/en/os/i386/tcpdump-3.6.2-10.7x.i386.rpm 65d133820ef5bdb32baed29284c0101e 7.2/en/os/ia64/arpwatch-2.1a11-10.7x.ia64.rpm 0ac7da164d6b78e8fa62e6a43eb8cd80 7.2/en/os/ia64/libpcap-0.6.2-10.7x.ia64.rpm a8ae32328eb4230b105e6ad5e7c01c58 7.2/en/os/ia64/tcpdump-3.6.2-10.7x.ia64.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About
You can verify each package with the following command: rpm --checksig
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg