Lucene search

DebianDEBIAN:DLA-809-1:1DE9C

HistoryJan 30, 2017 - 10:07 p.m.

[SECURITY] [DLA 809-1] tcpdump security update

2017-01-3022:07:17

lists.debian.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.1%

JSON

Package : tcpdump
Version : 4.9.0-1~deb7u1
CVE ID : CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925
CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929
CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933
CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937
CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973
CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984
CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993
CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203
CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342
CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485
CVE-2017-5486

Multiple vulnerabilities have been discovered in tcpdump, a command-line
network traffic analyzer. These vulnerabilities might result in denial of
service or the execution of arbitrary code.

CVE-2016-7922

Buffer overflow in parser.

CVE-2016-7923

Buffer overflow in parser.

CVE-2016-7924

Buffer overflow in parser.

CVE-2016-7925

Buffer overflow in parser.

CVE-2016-7926

Buffer overflow in parser.

CVE-2016-7927

Buffer overflow in parser.

CVE-2016-7928

Buffer overflow in parser.

CVE-2016-7929

Buffer overflow in parser.

CVE-2016-7930

Buffer overflow in parser.

CVE-2016-7931

Buffer overflow in parser.

CVE-2016-7932

Buffer overflow in parser.

CVE-2016-7933

Buffer overflow in parser.

CVE-2016-7934

Buffer overflow in parser.

CVE-2016-7935

Buffer overflow in parser.

CVE-2016-7936

Buffer overflow in parser.

CVE-2016-7937

Buffer overflow in parser.

CVE-2016-7938

Buffer overflow in parser.

CVE-2016-7939

Buffer overflow in parser.

CVE-2016-7940

Buffer overflow in parser.

CVE-2016-7973

Buffer overflow in parser.

CVE-2016-7974

Buffer overflow in parser.

CVE-2016-7975

Buffer overflow in parser.

CVE-2016-7983

Buffer overflow in parser.

CVE-2016-7984

Buffer overflow in parser.

CVE-2016-7985

Buffer overflow in parser.

CVE-2016-7986

Buffer overflow in parser.

CVE-2016-7992

Buffer overflow in parser.

CVE-2016-7993

Buffer overflow in parser.

CVE-2016-8574

Buffer overflow in parser.

CVE-2016-8575

Buffer overflow in parser.

CVE-2017-5202

Buffer overflow in parser.

CVE-2017-5203

Buffer overflow in parser.

CVE-2017-5204

Buffer overflow in parser.

CVE-2017-5205

Buffer overflow in parser.

CVE-2017-5341

Buffer overflow in parser.

CVE-2017-5342

Buffer overflow in parser.

CVE-2017-5482

Buffer overflow in parser.

CVE-2017-5483

Buffer overflow in parser.

CVE-2017-5484

Buffer overflow in parser.

CVE-2017-5485

Buffer overflow in parser.

CVE-2017-5486

Buffer overflow in parser.

For Debian 7 "Wheezy", these problems have been fixed in version
4.9.0-1~deb7u1.

We recommend that you upgrade your tcpdump packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-------------- Ola Lundqvist --------------------
/ [email protected] GPG fingerprint
| [email protected] 22F2 32C6 B1E0 F4BF 2B26 |

http://inguza.com/ 0A6A 5E90 DCFA 9426 876F /

OSVersionArchitecturePackageVersionFilename
Debian7amd64tcpdump< 4.9.0-1~deb7u1tcpdump_4.9.0-1~deb7u1_amd64.deb
Debian8armeltcpdump< 4.9.0-1~deb8u1tcpdump_4.9.0-1~deb8u1_armel.deb
Debian8amd64tcpdump< 4.9.0-1~deb8u1tcpdump_4.9.0-1~deb8u1_amd64.deb
Debian8kfreebsd-amd64tcpdump< 4.9.0-1~deb8u1tcpdump_4.9.0-1~deb8u1_kfreebsd-amd64.deb
Debian8armhftcpdump< 4.9.0-1~deb8u1tcpdump_4.9.0-1~deb8u1_armhf.deb
Debian8mipstcpdump< 4.9.0-1~deb8u1tcpdump_4.9.0-1~deb8u1_mips.deb
Debian8ppc64eltcpdump< 4.9.0-1~deb8u1tcpdump_4.9.0-1~deb8u1_ppc64el.deb
Debian8kfreebsd-i386tcpdump< 4.9.0-1~deb8u1tcpdump_4.9.0-1~deb8u1_kfreebsd-i386.deb
Debian7i386tcpdump< 4.9.0-1~deb7u1tcpdump_4.9.0-1~deb7u1_i386.deb
Debian8alltcpdump< 4.9.0-1~deb8u1tcpdump_4.9.0-1~deb8u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	amd64	tcpdump	< 4.9.0-1~deb7u1	tcpdump_4.9.0-1~deb7u1_amd64.deb
Debian	8	armel	tcpdump	< 4.9.0-1~deb8u1	tcpdump_4.9.0-1~deb8u1_armel.deb
Debian	8	amd64	tcpdump	< 4.9.0-1~deb8u1	tcpdump_4.9.0-1~deb8u1_amd64.deb
Debian	8	kfreebsd-amd64	tcpdump	< 4.9.0-1~deb8u1	tcpdump_4.9.0-1~deb8u1_kfreebsd-amd64.deb
Debian	8	armhf	tcpdump	< 4.9.0-1~deb8u1	tcpdump_4.9.0-1~deb8u1_armhf.deb
Debian	8	mips	tcpdump	< 4.9.0-1~deb8u1	tcpdump_4.9.0-1~deb8u1_mips.deb
Debian	8	ppc64el	tcpdump	< 4.9.0-1~deb8u1	tcpdump_4.9.0-1~deb8u1_ppc64el.deb
Debian	8	kfreebsd-i386	tcpdump	< 4.9.0-1~deb8u1	tcpdump_4.9.0-1~deb8u1_kfreebsd-i386.deb
Debian	7	i386	tcpdump	< 4.9.0-1~deb7u1	tcpdump_4.9.0-1~deb7u1_i386.deb
Debian	8	all	tcpdump	< 4.9.0-1~deb8u1	tcpdump_4.9.0-1~deb8u1_all.deb