[Technik] [SECURITY] [DSA 1353-1] New tcpdump packages fix
arbitrary code execution
Noèl Köthe
noel at debian.org
Mon Aug 13 10:08:34 CEST 2007
Am Samstag, den 11.08.2007, 12:59 +0200 schrieb Moritz Muehlenhoff:
> Debian Security Advisory DSA 1353-1 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> August 11th, 2007 http://www.debian.org/security/faq
>
> Package : tcpdump
> Vulnerability : integer overflow
> Problem-Type : remote
> Debian-specific: no
> CVE ID : CVE-2007-3798
tcpdump auf h01, h02, h03, h04, cupa, wasco und yuma aktualisiert.
> For the oldstable distribution (sarge) this problem has been fixed in
> version 3.8.3-5sarge3.
changelog:
tcpdump (3.8.3-5sarge3) oldstable-security; urgency=high
* Fix buffer overflow in BGP dissector (CVE-2007-3798).
-- Moritz Muehlenhoff <jmm at debian.org> Wed, 8 Aug 2007 00:19:32 +0200
> For the stable distribution (etch) this problem has been fixed in
> version 3.9.5-2etch1.
changelog:
tcpdump (3.9.5-2etch1) stable-security; urgency=high
* Fix integer overflow in BGP dissector (CVE-2007-3798).
-- Moritz Muehlenhoff <jmm at debian.org> Tue, 7 Aug 2007 23:55:33 +0200
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20070813/dcb207a7/attachment.pgp
More information about the Technik
mailing list