Package name: tcpdump
Date: August 9th, 2007
Advisory ID: MDKSA-2007:155
Affected versions: 2007.1

Problem Description

Off-by-one buffer overflow in the parse_elements function in the
802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier
allows remote attackers to cause a denial of service (crash) via a
crafted 802.11 frame.

Updated packages have been patched to prevent this issue.

Updated Packages

Mandriva Linux 2007.1

 dd21fcc2041312477a7d255adfe3bf8d  2007.1/i586/tcpdump-3.9.5-1.2mdv2007.1.i586.rpm 
 51d352409c58bd2c85e2b84eb1569ead  2007.1/SRPMS/tcpdump-3.9.5-1.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 b6a61d821bb0c22c81519d91e02de34d  2007.1/x86_64/tcpdump-3.9.5-1.2mdv2007.1.x86_64.rpm 
 51d352409c58bd2c85e2b84eb1569ead  2007.1/SRPMS/tcpdump-3.9.5-1.2mdv2007.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1218

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the integrity of the downloaded package before upgrading. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
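
For a manual download, the two checks can be scripted. The following is an added example, not part of the original advisory or of Mandriva's tooling: it assumes the checksum lines from "Updated Packages" were saved to a manifest file and the RPMs to a local directory, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check downloaded RPMs against "md5  path" lines copied
# from the advisory's "Updated Packages" section.
# Usage: check_advisory_md5 MANIFEST DOWNLOAD_DIR
check_advisory_md5() {
    manifest=$1 dir=$2 rc=0 seen=0
    while read -r want path; do
        # Skip blank lines and anything that is not a 32-hex-digit MD5 entry.
        case $want in
            *[!0-9a-f]*|'') continue ;;
        esac
        [ ${#want} -eq 32 ] || continue
        file=$dir/${path##*/}          # advisory paths are mirror-relative
        if [ ! -f "$file" ]; then
            echo "SKIP     ${path##*/} (not downloaded)"
            continue
        fi
        seen=$((seen + 1))
        got=$(md5sum "$file" | awk '{print $1}')
        if [ "$got" = "$want" ]; then
            echo "OK       ${path##*/}"
        else
            echo "MISMATCH ${path##*/}: expected $want, got $got"
            rc=1
        fi
    done < "$manifest"
    # Fail closed when nothing was actually checked.
    [ "$seen" -gt 0 ] || rc=1
    return $rc
}

# MD5 only catches corruption; the GPG signature is the check that
# authenticates the package. Requires the Mandriva key in the rpm keyring.
check_rpm_signatures() {
    for f in "$1"/*.rpm; do
        [ -f "$f" ] || continue
        rpm --checksig "$f" || return 1
    done
}
```

Run `check_advisory_md5 manifest.txt ./downloads && check_rpm_signatures ./downloads` and install only if both succeed.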