Lucene search

K
debian
DebianDEBIAN:DLA-809-1:1DE9C
HistoryJan 30, 2017 - 10:07 p.m.

[SECURITY] [DLA 809-1] tcpdump security update

2017-01-3022:07:17
lists.debian.org
6

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

88.9%

Package : tcpdump
Version : 4.9.0-1~deb7u1
CVE ID : CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925
CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929
CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933
CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937
CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973
CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984
CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993
CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203
CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342
CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485
CVE-2017-5486

Multiple vulnerabilities have been discovered in tcpdump, a command-line
network traffic analyzer. These vulnerabilities might result in denial of
service or the execution of arbitrary code.

CVE-2016-7922

Buffer overflow in parser.

CVE-2016-7923

Buffer overflow in parser.

CVE-2016-7924

Buffer overflow in parser.

CVE-2016-7925

Buffer overflow in parser.

CVE-2016-7926

Buffer overflow in parser.

CVE-2016-7927

Buffer overflow in parser.

CVE-2016-7928

Buffer overflow in parser.

CVE-2016-7929

Buffer overflow in parser.

CVE-2016-7930

Buffer overflow in parser.

CVE-2016-7931

Buffer overflow in parser.

CVE-2016-7932

Buffer overflow in parser.

CVE-2016-7933

Buffer overflow in parser.

CVE-2016-7934

Buffer overflow in parser.

CVE-2016-7935

Buffer overflow in parser.

CVE-2016-7936

Buffer overflow in parser.

CVE-2016-7937

Buffer overflow in parser.

CVE-2016-7938

Buffer overflow in parser.

CVE-2016-7939

Buffer overflow in parser.

CVE-2016-7940

Buffer overflow in parser.

CVE-2016-7973

Buffer overflow in parser.

CVE-2016-7974

Buffer overflow in parser.

CVE-2016-7975

Buffer overflow in parser.

CVE-2016-7983

Buffer overflow in parser.

CVE-2016-7984

Buffer overflow in parser.

CVE-2016-7985

Buffer overflow in parser.

CVE-2016-7986

Buffer overflow in parser.

CVE-2016-7992

Buffer overflow in parser.

CVE-2016-7993

Buffer overflow in parser.

CVE-2016-8574

Buffer overflow in parser.

CVE-2016-8575

Buffer overflow in parser.

CVE-2017-5202

Buffer overflow in parser.

CVE-2017-5203

Buffer overflow in parser.

CVE-2017-5204

Buffer overflow in parser.

CVE-2017-5205

Buffer overflow in parser.

CVE-2017-5341

Buffer overflow in parser.

CVE-2017-5342

Buffer overflow in parser.

CVE-2017-5482

Buffer overflow in parser.

CVE-2017-5483

Buffer overflow in parser.

CVE-2017-5484

Buffer overflow in parser.

CVE-2017-5485

Buffer overflow in parser.

CVE-2017-5486

Buffer overflow in parser.

For Debian 7 "Wheezy", these problems have been fixed in version
4.9.0-1~deb7u1.

We recommend that you upgrade your tcpdump packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


-------------- Ola Lundqvist --------------------
/ opal@debian.org GPG fingerprint
| ola@inguza.com 22F2 32C6 B1E0 F4BF 2B26 |

http://inguza.com/ 0A6A 5E90 DCFA 9426 876F /
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

88.9%

Related for DEBIAN:DLA-809-1:1DE9C