-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2007-46 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 11 Sep 2007 Last revised: 11 Sep 2007 Package: tcpdump Summary: Tcpdump denial of service attack More information: Tcpdump is a tool designed to prints out the headers of packets on a network interface. Remote attackers to cause a denial of service (crash) via a crafted frame. Remote attackers to execute arbitrary code via crafted TLVs in a BGP packet. Impact: This vulnerability allows remote attackers to cause a denial of service and buffer overflow. Affected Products: - Turbolinux Appliance Server 2.0 - Turbolinux FUJI - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server Source Packages Size: MD5 tcpdump-3.8.3-7.src.rpm 581887 afffcf39b06fa74bf0aec3d72cddd562 Binary Packages Size: MD5 tcpdump-3.8.3-7.i586.rpm 277165 433745c88035f3f21ce484b039d38c01 Source Packages Size: MD5 tcpdump-3.9.1-2.src.rpm 677060 68582d14bf59b9219e6212170a55256b Binary Packages Size: MD5 tcpdump-3.9.1-2.i686.rpm 325041 92858a1a4ce9f87e45400ecb9a0f5b93 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/tcpdump-3.9.1-2.src.rpm 677060 ce9375a1b986c05a3d37ccb42d612d24 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/tcpdump-3.9.1-2.x86_64.rpm 346956 0cf31bd42192e2d22165d42e26931bc8 Source Packages Size: MD5 tcpdump-3.8.3-7.src.rpm 581887 1e5220052fdeb101f091bf786917ce5f Binary Packages Size: MD5 tcpdump-3.8.3-7.i586.rpm 265769 92c6a0150e7f95042d4ecc00748676cb Source Packages Size: MD5 tcpdump-3.8.3-7.src.rpm 581887 69f74248928677c34867543775817984 Binary Packages Size: MD5 tcpdump-3.8.3-7.i586.rpm 265927 4e5c16525e9295f542107e0794607109 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/tcpdump-3.8.3-7.src.rpm 581887 afffcf39b06fa74bf0aec3d72cddd562 Binary Packages Size: MD5 tcpdump-3.8.3-7.i586.rpm 277165 433745c88035f3f21ce484b039d38c01 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/tcpdump-3.8.3-7.src.rpm 581887 a5daf6d780c6eacc46b4984d23fc7604 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/tcpdump-3.8.3-7.i586.rpm 263215 2387dc33b2ad0dad5dbfbbafd51875da Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/tcpdump-3.8.3-7.src.rpm 581887 4267b0d9ca6d6570fcb5daee75040fda Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/tcpdump-3.8.3-7.i586.rpm 265957 fe050c2ff16388462de9d5d79b9cc94e References: CVE [CVE-2007-1218] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1218 [CVE-2007-3798] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798 -------------------------------------------------------------------------- Revision History 11 Sep 2007 Initial release -------------------------------------------------------------------------- Copyright(C) 2007 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFG5nIcK0LzjOqIJMwRArAvAJ9YSkbaWS0ZYE9LLvkstUD26ARkJQCfUmXT OfOuefzBi7WXWvx73nB9KGw= =fcGC -----END PGP SIGNATURE-----