RHBA-2015:1294 - Bug Fix Advisory

Topic

Updated tcpdump packages that fix two bugs and add two enhancements are now
available for Red Hat Enterprise Linux 6.

Description

The tcpdump packages contain a command-line tool for monitoring network traffic.
Tcpdump can capture and display the packet headers on a particular
network interface or on all interfaces. Tcpdump can display all of the packet
headers, or just the ones that match particular criteria.

This update fixes the following bugs:

• Previously, the tcpdump utility was treating the argument for the "-i" option

as a number if it contained a numeric prefix and other characters, not as a
string. Consequently, packet capturing was not started on a specified interface
at all or could get started on a incorrect interface. With this update, the
argument for "-i" is treated as a number only if it contains only numerals 0-9;
otherwise, the argument is treated as a string. For example, interface names
such as "192_1_2" are no longer treated as interface number 192, but as a
string. As a result, tcpdump starts correctly on a specified interface even if
the interface name contains a numeric prefix. (BZ#972396)

• The tcpdump Cisco Discovery Protocol (CDP) dissector previously stopped

parsing packet prematurely after encountering Type-Length-Value (TLV) field
which had the length of 0 and no data associated with it. Consequently, some CDP
packets were not completely dissected. A patch which alters code deciding when
to stop parsing the packet has been applied to fix this bug. Now, zero length
data TLVs are allowed, and CDP packets containing such TLVs are parsed
correctly. (BZ#1130111)

In addition, this update adds the following enhancements:

• The kernel, glibc, and libpcap utilities now provide APIs to obtain nanosecond

resolutions timestamps. The user can thus query which timestamp sources are
available ("-J"), set a specific timestamp source ("-j"), and request timestamps
with a specified resolution ("--time-stamp-precision"). (BZ#1045601)

• This update adds the new "-P" command-line argument for capturing packets in

certain direction, which can ease debugging networking-related problems.
(BZ#1099701)

Users of tcpdump are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

• BZ - 972396 - TCPDUMP "INVALID ADAPTER INDEX" ON INTERFACE WHICH NAME STARTS AS NUMBER
• BZ - 1045601 - Allow tcpdump to support libpcap nanosecond timestamping

CVEs

(none)

References

(none)