DebianDEBIAN:DLA-1097-1:0BD7E[SECURITY] [DLA 1097-1] tcpdump security update
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.4%
Package : tcpdump
Version : 4.9.2-1~deb7u1
CVE ID : CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897
CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901
CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987
CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991
CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995
CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999
CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003
CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007
CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011
CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015
CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019
CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023
CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027
CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031
CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035
CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039
CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043
CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047
CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051
CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055
CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690
CVE-2017-13725 CVE-2017-12893
Several vulnerabilities have been discovered in tcpdump, a command-line
network traffic analyzer. These vulnerabilities might result in denial
of service or, potentially, execution of arbitrary code.
For Debian 7 "Wheezy", these problems have been fixed in version
4.9.2-1~deb7u1.
We recommend that you upgrade your tcpdump packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | i386 | tcpdump | < 4.9.2-1~deb9u1 | tcpdump_4.9.2-1~deb9u1_i386.deb |
| Debian | 7 | all | tcpdump | < 4.9.2-1~deb7u1 | tcpdump_4.9.2-1~deb7u1_all.deb |
| Debian | 8 | powerpc | tcpdump | < 4.9.2-1~deb8u1 | tcpdump_4.9.2-1~deb8u1_powerpc.deb |
| Debian | 9 | arm64 | tcpdump-dbgsym | < 4.9.2-1~deb9u1 | tcpdump-dbgsym_4.9.2-1~deb9u1_arm64.deb |
| Debian | 9 | armhf | tcpdump-dbgsym | < 4.9.2-1~deb9u1 | tcpdump-dbgsym_4.9.2-1~deb9u1_armhf.deb |
| Debian | 9 | mipsel | tcpdump | < 4.9.2-1~deb9u1 | tcpdump_4.9.2-1~deb9u1_mipsel.deb |
| Debian | 9 | armhf | tcpdump | < 4.9.2-1~deb9u1 | tcpdump_4.9.2-1~deb9u1_armhf.deb |
| Debian | 8 | ppc64el | tcpdump | < 4.9.2-1~deb8u1 | tcpdump_4.9.2-1~deb8u1_ppc64el.deb |
| Debian | 9 | amd64 | tcpdump | < 4.9.2-1~deb9u1 | tcpdump_4.9.2-1~deb9u1_amd64.deb |
| Debian | 9 | arm64 | tcpdump | < 4.9.2-1~deb9u1 | tcpdump_4.9.2-1~deb9u1_arm64.deb |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.4%