[SECURITY] [DLA 174-1] tcpdump security update

2015-03-1709:57:43

lists.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.8

Confidence

High

EPSS

0.11

Percentile

95.2%

JSON

Package : tcpdump
Version : tcpdump_4.1.1-1+deb6u2
CVE ID : CVE-2015-0261 CVE-2015-2154 CVE-2015-2155

Several issues have been discovered with tcpdump in the way it
handled some printer protocols. Those issues can lead to denial
of service, or, potentially, execution of arbitrary code.

CVE-2015-0261

Missing bounds checks in IPv6 Mobility printer

CVE-2015-2154

Missing bounds checks in ISOCLNS printer

CVE-2015-2155

Missing bounds checks in ForCES printer

Thanks to Romain Françoise who prepared this update.

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian7i386tcpdump< 4.3.0-1+deb7u2tcpdump_4.3.0-1+deb7u2_i386.deb
Debian7mipstcpdump< 4.3.0-1+deb7u2tcpdump_4.3.0-1+deb7u2_mips.deb
Debian7alltcpdump< 4.3.0-1+deb7u2tcpdump_4.3.0-1+deb7u2_all.deb
Debian7powerpctcpdump< 4.3.0-1+deb7u2tcpdump_4.3.0-1+deb7u2_powerpc.deb
Debian6i386tcpdump< 4.1.1-1+deb6u2tcpdump_4.1.1-1+deb6u2_i386.deb
Debian7s390tcpdump< 4.3.0-1+deb7u2tcpdump_4.3.0-1+deb7u2_s390.deb
Debian7s390xtcpdump< 4.3.0-1+deb7u2tcpdump_4.3.0-1+deb7u2_s390x.deb
Debian7kfreebsd-amd64tcpdump< 4.3.0-1+deb7u2tcpdump_4.3.0-1+deb7u2_kfreebsd-amd64.deb
Debian7mipseltcpdump< 4.3.0-1+deb7u2tcpdump_4.3.0-1+deb7u2_mipsel.deb
Debian7amd64tcpdump< 4.3.0-1+deb7u2tcpdump_4.3.0-1+deb7u2_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	i386	tcpdump	< 4.3.0-1+deb7u2	tcpdump_4.3.0-1+deb7u2_i386.deb
Debian	7	mips	tcpdump	< 4.3.0-1+deb7u2	tcpdump_4.3.0-1+deb7u2_mips.deb
Debian	7	all	tcpdump	< 4.3.0-1+deb7u2	tcpdump_4.3.0-1+deb7u2_all.deb
Debian	7	powerpc	tcpdump	< 4.3.0-1+deb7u2	tcpdump_4.3.0-1+deb7u2_powerpc.deb
Debian	6	i386	tcpdump	< 4.1.1-1+deb6u2	tcpdump_4.1.1-1+deb6u2_i386.deb
Debian	7	s390	tcpdump	< 4.3.0-1+deb7u2	tcpdump_4.3.0-1+deb7u2_s390.deb
Debian	7	s390x	tcpdump	< 4.3.0-1+deb7u2	tcpdump_4.3.0-1+deb7u2_s390x.deb
Debian	7	kfreebsd-amd64	tcpdump	< 4.3.0-1+deb7u2	tcpdump_4.3.0-1+deb7u2_kfreebsd-amd64.deb
Debian	7	mipsel	tcpdump	< 4.3.0-1+deb7u2	tcpdump_4.3.0-1+deb7u2_mipsel.deb
Debian	7	amd64	tcpdump	< 4.3.0-1+deb7u2	tcpdump_4.3.0-1+deb7u2_amd64.deb