A security advisory RHSA-2004:219-07 says the following: Tcpdump v3.8.1 and earlier versions contained multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, TCPDUMP would try to read beyond the end of the packet capture buffer and subsequently crash. These are fresh vulnerabilities as described in CAN-2004-0183 and CAN-2004-0184. A patch from that advisory applies unchanged to the previous "legacy" release of tcpdump. Does not sound like a killer bug but a fix is not that involved. ------- Additional Comments From michal 2004-06-06 15:04:25 ---- Created an attachment (id=718) Fix for CAN-2004-0183 and CAN-2004-0184 This patch was taken from tcpdump-3.6.2-12.2.1AS.6.src.rpm. A quick check of tcpdump-3.7.2-8.fc1.2.src.rpm strongly suggests that this patch will be valid also for a version used in RH9. ------- Additional Comments From michal 2004-06-06 15:06:24 ---- Created an attachment (id=719) changes to spec file This patch applies to spec from 17.7.3.4.legacy release of tcpdump ------- Additional Comments From marcdeslauriers 2004-06-08 02:09:29 ---- The packages I made in bug 1468 already have this patch applied. *** This bug has been marked as a duplicate of 1468 *** ------- Bug moved to this database by dkl 2005-03-30 18:25 ------- This bug previously known as bug 1728 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=1728 Originally filed under the Fedora Legacy product and General component. Attachments: Fix for CAN-2004-0183 and CAN-2004-0184 https://bugzilla.fedora.us/attachment.cgi?action=view&id=718 changes to spec file https://bugzilla.fedora.us/attachment.cgi?action=view&id=719 Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.