USN-119-1: tcpdump vulnerabilities

Referenced CVEs: 
CAN-2005-1278, CAN-2005-1279, CAN-2005-1280
Description: 
===========================================================
Ubuntu Security Notice USN-119-1               May 06, 2005
tcpdump vulnerabilities
CAN-2005-1278, CAN-2005-1279, CAN-2005-1280
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

tcpdump

The problem can be corrected by upgrading the affected package to version 3.8.3-3ubuntu0.1 (for Ubuntu 4.10), or 3.8.3-3ubuntu0.2 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that certain invalid GRE, LDP, BGP, and RSVP packets triggered infinite loops in tcpdump, which caused tcpdump to stop working. This could be abused by a remote attacker to bypass tcpdump analysis of network traffic.