Issued:

2015-07-22

Updated:

2015-07-22

RHBA-2015:1294 - tcpdump bug fix and enhancement update

Synopsis

tcpdump bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Topic

Updated tcpdump packages that fix two bugs and add two enhancements are now available for Red Hat Enterprise Linux 6.

Description

The tcpdump packages contain a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria.

This update fixes the following bugs:

• Previously, the tcpdump utility was treating the argument for the "-i" option as a number if it contained a numeric prefix and other characters, not as a string. Consequently, packet capturing was not started on a specified interface at all or could get started on a incorrect interface. With this update, the argument for "-i" is treated as a number only if it contains only numerals 0-9; otherwise, the argument is treated as a string. For example, interface names such as "192_1_2" are no longer treated as interface number 192, but as a string. As a result, tcpdump starts correctly on a specified interface even if the interface name contains a numeric prefix. (BZ#972396)

• The tcpdump Cisco Discovery Protocol (CDP) dissector previously stopped parsing packet prematurely after encountering Type-Length-Value (TLV) field which had the length of 0 and no data associated with it. Consequently, some CDP packets were not completely dissected. A patch which alters code deciding when to stop parsing the packet has been applied to fix this bug. Now, zero length data TLVs are allowed, and CDP packets containing such TLVs are parsed correctly. (BZ#1130111)

In addition, this update adds the following enhancements:

• The kernel, glibc, and libpcap utilities now provide APIs to obtain nanosecond resolutions timestamps. The user can thus query which timestamp sources are available ("-J"), set a specific timestamp source ("-j"), and request timestamps with a specified resolution ("--time-stamp-precision"). (BZ#1045601)

• This update adds the new "-P" command-line argument for capturing packets in certain direction, which can ease debugging networking-related problems. (BZ#1099701)

Users of tcpdump are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Updated Packages

• tcpdump-4.0.0-5.20090921gitdf3cb4.2.el6.ppc64.rpm
• tcpdump-debuginfo-4.0.0-5.20090921gitdf3cb4.2.el6.i686.rpm
• tcpdump-4.0.0-5.20090921gitdf3cb4.2.el6.src.rpm
• tcpdump-debuginfo-4.0.0-5.20090921gitdf3cb4.2.el6.x86_64.rpm
• tcpdump-debuginfo-4.0.0-5.20090921gitdf3cb4.2.el6.s390x.rpm
• tcpdump-4.0.0-5.20090921gitdf3cb4.2.el6.s390x.rpm
• tcpdump-4.0.0-5.20090921gitdf3cb4.2.el6.x86_64.rpm
• tcpdump-debuginfo-4.0.0-5.20090921gitdf3cb4.2.el6.ppc64.rpm
• tcpdump-4.0.0-5.20090921gitdf3cb4.2.el6.i686.rpm

Fixes

• This content is not included.BZ - 972396
• This content is not included.BZ - 1045601

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at Security Contacts and Procedures.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.