Updated tcpdump, libpcap, and arpwatch packages are available to fix an incorrect bounds check when decoding BGP packets and a possible denial of service.
Tcpdump is a command-line tool for monitoring network traffic. The BGP decoding routines in tcpdump before version 3.6.2 used incorrect bounds checking when copying data, which allows remote attackers to cause a denial of service and possibly execute arbitrary code (as the 'pcap' user). If a UDP packet from a radius port contains 0 at the second byte, tcpdump gets stuck in a loop that generates an infinite stream of "#0#0#0#0#0". This could be used as a denial of service. Users of tcpdump are advised to upgrade to these errata packages, which contain patches to correct these issues.
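As an added illustration (not tcpdump's own code), the following hypothetical RADIUS attribute walker shows the two checks a protocol decoder needs to avoid the failure modes described above: an attribute length below 2 (the second byte of each attribute) can never advance the cursor, so it is rejected rather than looped on, and a length that would run past the end of the buffer is refused before any data is read, the same class of bounds check the BGP fix addresses. The packet bytes are constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RADIUS attributes are type/length/value triples; the length byte counts
 * itself and the type byte, so a well-formed attribute is at least 2 bytes.
 * Hypothetical helper (not tcpdump's): returns the number of attributes
 * walked, or -1 if the encoding is malformed. */
int walk_radius_attrs(const uint8_t *p, size_t len)
{
    int count = 0;
    while (len >= 2) {
        uint8_t type = p[0];
        uint8_t alen = p[1];
        /* A length of 0 or 1 would not move the cursor: without this check
         * the loop would print the same attribute forever. */
        if (alen < 2)
            return -1;
        /* Length larger than the remaining bytes: refuse to read past the
         * buffer instead of trusting the packet's own length field. */
        if (alen > len)
            return -1;
        printf("attr type=%u len=%u\n", type, alen);
        p += alen;
        len -= alen;
        count++;
    }
    return len == 0 ? count : -1;
}

/* Constructed sample attribute regions (not captured traffic). */
static const uint8_t good_pkt[] = { 1, 6, 'a', 'l', 'i', 'c',   /* User-Name "alic" */
                                    6, 6, 0, 0, 0, 2 };         /* Service-Type 2   */
static const uint8_t zero_len_pkt[] = { 1, 0, 'a', 'l', 'i', 'c' }; /* second byte 0 */
static const uint8_t overrun_pkt[] = { 1, 200, 'x' };              /* claims 200 bytes */

int main(void)
{
    printf("good: %d\n", walk_radius_attrs(good_pkt, sizeof good_pkt));
    printf("zero length: %d\n", walk_radius_attrs(zero_len_pkt, sizeof zero_len_pkt));
    printf("overrun: %d\n", walk_radius_attrs(overrun_pkt, sizeof overrun_pkt));
    return 0;
}
```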